tjc at ecs.soton.ac.uk
Tue Feb 12 10:03:02 CET 2013
On 12 Feb 2013, at 08:38, Doug Barton <dougb at dougbarton.us> wrote:
> NPT isn't NAT. It's very likely that any extra costs for gear that can do NPT are going to be in the noise, but I do admit that this is something that remains to be seen.
> > Higher cost and a higher
> > barrier to entry for application developers as they each have to
> > re-learn NAT traversal (and no, NAT traversal is *not* the same as
> > traversing a stateful firewall - that's easier).
> Please demonstrate how these costs pertain to NPT. To the application there shouldn't be any difference between operating in an NPT environment than operating on GUAs. (This response also applies to your comment about skype.)
One of my main concerns is with the way in which applications handle address-specific operations with literals, how they handle address referrals, etc. NPTv6 makes devices inside your network directly addressable from the outside, which is a big advantage over traditional IPv4 NAT, but doesn't remove those application-oriented issues.
I'm surprised that Brian hasn't mentioned http://tools.ietf.org/html/draft-carpenter-referral-ps-02, which discusses some of the issues; in a sense NPTv6 is a form of locator-identifier split. RFC6296 reiterates part of this in section 1.2.
Now, some sites may have scenarios where these concerns don't apply, but in a diverse network where users are running, and writing, a wide range of applications, I'd much rather run with PI (which I think this discussion has shown to be relatively easy to obtain for a reasonably sized enterprise) than NPTv6.
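The referral concern above, as an added example that is not part of the original message: a sketch of the RFC 6296 checksum-neutral /48 mapping, showing that the address literal a host embeds in a payload differs from the source address a remote peer sees behind NPTv6, while a site numbered from its own prefix has no such mismatch. The prefixes are the ones RFC 6296 uses in its worked example; the function names and the `referral` helper are assumptions made for illustration.

```python
import ipaddress

# Prefixes from the RFC 6296 worked example (an assumption for this sketch).
INTERNAL = ipaddress.IPv6Network("fd01:203:405::/48")
EXTERNAL = ipaddress.IPv6Network("2001:db8:1::/48")

def oc_add(a, b):
    """16-bit one's-complement addition with end-around carry."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)

def words(addr):
    """Split an IPv6 address into its eight 16-bit words."""
    n = int(addr)
    return [(n >> (112 - 16 * i)) & 0xFFFF for i in range(8)]

def prefix_sum(net):
    """One's-complement sum of the three words of a /48 prefix."""
    total = 0
    for w in words(net.network_address)[:3]:
        total = oc_add(total, w)
    return total

def translate(addr, src_net, dst_net):
    """Checksum-neutral /48 rewrite: swap the prefix, adjust the subnet word."""
    addr = ipaddress.IPv6Address(addr)
    if addr not in src_net:
        raise ValueError(f"{addr} is not inside {src_net}")
    adjustment = oc_add(prefix_sum(src_net), ~prefix_sum(dst_net) & 0xFFFF)
    w = words(addr)
    subnet = oc_add(w[3], adjustment)
    if subnet == 0xFFFF:          # RFC 6296: 0xFFFF is rewritten to 0x0000
        subnet = 0
    out = 0
    for x in words(dst_net.network_address)[:3] + [subnet] + w[4:]:
        out = (out << 16) | x
    return ipaddress.IPv6Address(out)

def referral(host_addr, nptv6=True):
    """Return (literal the host puts in a payload, source a remote peer sees)."""
    literal = ipaddress.IPv6Address(host_addr)
    seen = translate(literal, INTERNAL, EXTERNAL) if nptv6 else literal
    return literal, seen

if __name__ == "__main__":
    # Constructed sample hosts: one behind NPTv6, one numbered directly (PI).
    for host, mode in (("fd01:203:405:1::1234", True), ("2001:db8:1:1::1234", False)):
        literal, seen = referral(host, nptv6=mode)
        print(f"nptv6={mode}: payload {literal}, peer sees {seen}, match={literal == seen}")
```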