Operational challenges of no NAT
drc at virtualized.org
Fri Oct 29 19:54:59 CEST 2010
On Oct 28, 2010, at 8:45 PM, Ted Mittelstaedt wrote:
>> Is there some documented list of the usual requirements that NAT is used
>> to satisfy and the corresponding IPv6 method to satisfy that requirement?
>> Lots of IT managers really like NAT for managing the interface between
>> their network and the big bad world outside.
> I don't know about you but to me the phrase "really like" is an
> emotional, not logical, description.
To me and in this context, it is a shorthand folks use that describes the shortest path to get v6 deployed.
> But with IPv6 that paradigm [NAT] is no longer needed and we must shed it.
As has been documented in several places, NAT provides functionality (e.g., increased provider independence, reduced administrative overhead/cost, topology hiding, etc.) that many folks find useful. Until that functionality can be replicated (or folks feel the costs of loss of that functionality are overridden by the benefits), people are going to continue to want NAT.
> This is all about paradigm shifts. If you have never heard that term used then look it up, you're going to be dealing with a lot of them with IPv6. I daresay that if a network manager cannot deal with these then he shouldn't be working in the high technology field at all in the first place, because high tech is full of them.
It's this sort of condescension that results in less than useful discussions.
Most folks simply aren't interested in "paradigm shifts" in utility infrastructure. The Internet is a tool like telephones and electricity. Most businesses and IT shops are quite conservative. They will actively resist 'innovation' that breaks the processes and systems their business relies on, even if those processes and systems are sub-optimal from one perspective or another. NAT is something that folks use, are comfortable with, and largely understand the operational implications of (at least as they apply to themselves). It demonstrably works so why should they break it?
The original poster described operational challenges of running a network without NAT. If you believe those operational challenges can be/are addressed in IPv6, describing how this is so would be useful. Sticking your fingers in your ears and saying "La la la IPv6 means you don't need NAT" isn't helping anyone.
More information about the ipv6-ops