Re: there _is_ IPv6 NAT - just look for it

Jeroen Massar <jeroen@massar.ch> Sat, 15 March 2014 16:17 UTC

Message-ID: <53247CF9.2020009@massar.ch>
Date: Sat, 15 Mar 2014 09:16:57 -0700
From: Jeroen Massar <jeroen@massar.ch>
Organization: Massar
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, Alexandru Petrescu <alexandru.petrescu@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ipv6/kfsIEGxkQH6C3QrNJrbuIpAq1MM
Cc: ipv6@ietf.org
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>

On 2014-03-15 00:31, Brian E Carpenter wrote:
> On 15/03/2014 10:29, Alexandru Petrescu wrote:
>> On 13/03/2014 15:27, Lorenzo Colitti wrote:
>> [...]
>>> It's true that those that want IPv6 to be exactly like IPv4 are
>>> disappointed, because IPv6 is not IPv4. No, you can't do routing without
>>> RAs. No, you can't "save addresses" by making host subnets /120s (at
>>> least not easily). No, there is no RFC1918. No, ULAs are not the same as
>>> RFC1918. No, there is no NAT.
>>
>> Yes there is IPv6 NAT and it works just like in IPv4.
> 
> We can't make it illegal, but we have already made it unnecessary.

Unnecessary for connecting normal hosts, but let me admit that I
recently found a situation where it was actually useful to have Linux's
NAT function for IPv6: forwarding connections in a proxy-style method.

This way I was able to set up a load-balanced forwarding setup for
various services without having to modify the backend systems to
understand a special header (e.g. X-Forwarded-For) for proper tracking of
too-many-connections and mere logging.

Note that the backend boxes actually do have their own global IPv6
address, one might just not want to expose to the world all the time.

As such, NAT has its uses; they just should not be forced upon
end-users by the providers that they are using.

More annoying are the providers that will force-change your IP address
space every 24 hours; which will make people want to have NAT to avoid
renumbering.... and with 6rd, which is dependent on the IPv4 address,
this is already a reality in quite some places unfortunately.

Greets,
 Jeroen
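
A load-balanced forwarding setup of the kind the message describes, as an added example that is not part of the original post and not the author's actual configuration. It assumes ip6tables with the nat table and the statistic match; the function name gen_dnat_rules and all addresses (2001:db8::/32 documentation prefix) are constructed for illustration.

```shell
#!/bin/sh
# Emit an ip6tables-restore ruleset that DNATs one public service address
# across several backends. Only the destination is rewritten, so backend
# logs and per-client connection limits still see the real client address
# and no X-Forwarded-For style header is needed.
# gen_dnat_rules is a hypothetical helper; all addresses are constructed.

gen_dnat_rules() {
    vip=$1
    port=$2
    shift 2
    remaining=$#
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    for backend in "$@"; do
        if [ "$remaining" -gt 1 ]; then
            # Each rule only sees connections the earlier rules passed on,
            # so it must take 1 in $remaining of them. Using the same
            # --every value on every rule would skew the distribution.
            match="-m statistic --mode nth --every $remaining --packet 0 "
        else
            match=''    # the last backend takes everything that is left
        fi
        echo "-A PREROUTING -d $vip/128 -p tcp --dport $port ${match}-j DNAT --to-destination [$backend]:$port"
        remaining=$((remaining - 1))
    done
    echo 'COMMIT'
}

# Constructed example: one service address, three backends.
# Pipe the output into "ip6tables-restore --test" to check it without
# loading it; a real load replaces the nat table unless --noflush is given.
gen_dnat_rules 2001:db8:0:1::80 443 \
    2001:db8:0:2::10 2001:db8:0:2::11 2001:db8:0:2::12
```

Because the source address is left untouched, the backends' replies have to route back through the forwarding box so the translation can be reversed, and IPv6 forwarding must be enabled on that box.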