nanog mailing list archives

Re: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space


From: Mohacsi Janos <mohacsi () niif hu>
Date: Thu, 5 Feb 2009 09:47:48 +0100 (CET)




On Wed, 4 Feb 2009, Roger Marquis wrote:

Perhaps what we need is an IPv6 NAT FAQ?  I suspect many junior network
engineers will be interested in the rationale behind statements like:

* NAT disadvantage #1: it costs a lot of money to do NAT (compared to what
it saves consumers, ILECs, or ISPs?)

Yes, it costs more money in OPEX. Try to detect a malicious host behind a NAT among thousands of hosts.


* NAT disadvantage #3: RFC1918 was created because people were afraid of
running out of addresses. (in 1992?)

Yes. One of my colleagues, who participated in the development of RFC 1918, confirmed it.



* NAT disadvantage #4: It requires more renumbering to join conflicting
RFC1918 subnets than would IPv6 to change ISPs. (got stats?)

This statement is true: Currently you encounter more private address usage than IPv6 usage.



* NAT disadvantage #5: it provides no real security. (even if it were true
this could not, logically, be a disadvantage)

It is true. Lots of administrators behind a NAT think that because of the NAT they can run a poor, careless software update process. The majority of malware infections come from application insecurity. This cannot be prevented by NAT!


OTOH, the claimed advantages of NAT do seem to hold water somewhat better:

* NAT advantage #1: it protects consumers from vendor (network provider)
lock-in.

Use PI addresses and multihoming.


* NAT advantage #2: it protects consumers from add-on fees for addresses
space. (ISPs and ARIN, APNIC, ...)

No free lunch. Or use IPv6.


* NAT advantage #3: it prevents upstreams from limiting consumers'
internal address space. (will anyone need more than a /48, to be asked in
2018)

You can get more /48s, or use ULA.


* NAT advantage #4: it requires new (and old) protocols to adhere to the
ISO seven layer model.

This statement is bullshit.


* NAT advantage #5: it does not require replacement security measures to
protect against netscans, portscans, broadcasts (particularly microsoft
netbios), and other malicious inbound traffic.

Same, if you implement proper firewall filtering.

Best Regards,
                Janos Mohacsi
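As an added illustration of the "proper firewall filtering" point above (not part of Janos's or Roger's messages), the nftables ruleset below is for a small IPv6 router and assumes interfaces lan0 (inside) and wan0 (upstream). LAN hosts keep globally routable addresses with no NAT; unsolicited inbound connections, netscans and NetBIOS probes included, are dropped by the default policy, while replies to outbound traffic and the ICMPv6 messages IPv6 cannot work without (RFC 4890) are let through.

```nftables
# Added illustration, not from the thread. Interface names lan0/wan0 are assumed.
# Stateful IPv6 filtering on a router: global addresses on the LAN, no NAT,
# yet nothing unsolicited gets in. Load with: nft -f <this file>
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;   # default deny to the router itself
        iif lo accept
        ct state established,related accept               # replies to traffic we started
        ct state invalid drop
        # ICMPv6 needed for Neighbor Discovery, router advertisements and PMTUD
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit,
                      nd-router-advert, packet-too-big, time-exceeded,
                      parameter-problem, destination-unreachable, echo-request } accept
        # Management reachable from the inside only
        iifname "lan0" tcp dport 22 accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;  # default deny through the router
        ct state established,related accept               # return traffic for LAN-initiated flows
        ct state invalid drop
        # Error/diagnostic ICMPv6 must pass end to end or PMTUD breaks
        icmpv6 type { packet-too-big, time-exceeded, parameter-problem,
                      destination-unreachable, echo-request } accept
        # LAN hosts may initiate outbound; nothing new from wan0 is forwarded,
        # so inbound port scans and TCP/445 or UDP/137 probes never reach a host
        iifname "lan0" oifname "wan0" accept
    }
}
```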


