Re: IPv6 deployment excuses

[Spencer Ryan <sryan () arbor net>]

Or how about we just avoid anything that uses the terms like "Mappings" and
"NAT" and speed the adoption of IPv6 everywhere which already solves all of
these problems.


*Spencer Ryan* | Senior Systems Administrator | sryan () arbor net
*Arbor Networks*
+1.734.794.5033 (d) | +1.734.846.2053 (m)
www.arbornetworks.com

On Mon, Jul 4, 2016 at 10:16 PM, Masataka Ohta <
mohta () necom830 hpcl titech ac jp> wrote:

> Baldur Norddahl wrote:
>
> With end to end NAT, you can still configure your UPnP capable NAT
> > > boxes to restrict port forwarding.
> Only if you by NAT mean "home network NAT". No large ISP has or will deploy
> > a carrier NAT router that will respect UPnP.
>
> A large ISP should just set up usual NAT. In addition, the ISP
> tells its subscriber a global IP address, a private IP address
> and a small range of port numbers the subscriber can use and
> set up *static* bi-directional port forwarding.
>
> If each subscriber is allocated 64 ports, effective address
> space is 1000 times more than that of IPv4, which should be
> large enough.
>
> Then, if a subscriber want transparency, he can set up his
> home router make use of the bi-directional port forwarding
> and his host reverse translation by nested port forwarding.
>
> That does not scale and is a
> > security nightmare besides.
>
> It is merely because you think you must do it dynamically.
>
> But, if you want to run a server at fixed IP address
> and port, port forwarding must be static.
>
>                                                 Masataka Ohta