Re: [v6ops] Fwd: New Version Notification for draft-collink-v6ops-ent64pd-01.txt

[Lorenzo Colitti <lorenzo@google.com>]

On Wed, Dec 21, 2022 at 8:44 AM Martin Huněk <martin.hunek@tul.cz> wrote:

> Isn't this situation comparable with connecting a physical switch to an
> Ethernet port configured and limited for a single device? I mean, this is
> known even in IPv4, isn't it? At our university, if someone wants to
> connect a switch, they have to ask first to have that limitation lifted.
> Same in IPv6, if you need to have 10 global unicast addresses per device,
> it is not standard behavior, so you should ask first. As I understand, it
> is a protection against a malicious device that would ask for an infinite
> number of addresses or obsoleted privacy extensions that had a similar
> property.
>

It's very much not the same, because in IPv4 anyone who can connect to the
network and get an IPv4 address can provide IPv4 connectivity to unlimited
devices via NAT.

IMO that is actually one of the best things about this draft: it provides a
way to do the same in IPv6, while giving those unlimited devices true
end-to-end-connectivity, and without costing any more network resources
than if there was just one device. The lack of permissionless network
extension is a major feature gap between IPv6 and IPv4. This draft doesn't
just bridge that gap, it's actually a major improvement, because unlike
IPv4, the permissionless extension provides end-to-end connectivity.

Note that the network *cannot* prevent this sort of network extension, and
this draft doesn't change that. A user who wishes to provide connectivity
to unlimited other devices can just use NAT44 to share whatever IPv4
connectivity their primary device has, or use one of the many NAT66
implementations out there (including Linux).