[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

Subject: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space
From: mohacsi at niif.hu (Mohacsi Janos)
Date: Thu, 5 Feb 2009 09:47:48 +0100 (CET)
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]>

On Wed, 4 Feb 2009, Roger Marquis wrote:

> Perhaps what we need is an IPv6 NAT FAQ?  I'm suspect many junior network
> engineers will be interested in the rational behind statements like:
>
> * NAT disadvantage #1: it costs a lot of money to do NAT (compared to what
> it saves consumers, ILECs, or ISPs?)

Yes it cost more money in OPEX. Try to detect malicious host behind a NAT 
among thousand of hosts.

>
> * NAT disadvantage #3: RFC1918 was created because people were afraid of
> running out of addresses. (in 1992?)

Yes. One of my colleague, who participated in development of RFC 1918 
confirmed it.

>
> * NAT disadvantage #4: It requires more renumbering to join conflicting
> RFC1918 subnets than would IPv6 to change ISPs. (got stats?)

This statement is true: Currently you encounter more private address 
usage than IPv6 usage.

>
> * NAT disadvantage #5: it provides no real security. (even if it were true
> this could not, logically, be a disadvantage)

It is true. Lots of administrator behind the NAT thinks, that because of 
the NAT they can run a poor, careless software update process. Majority of 
the malware infection is coming from application insecurity. This cannot 
be prevented by NAT!

>
> OTOH, the claimed advantages of NAT do seem to hold water somewhat better:
>
> * NAT advantage #1: it protects consumers from vendor (network provider)
> lock-in.

Use PI address and multi homing.

>
> * NAT advantage #2: it protects consumers from add-on fees for addresses
> space. (ISPs and ARIN, APNIC, ...)

No free lunch. Or use IPv6.

>
> * NAT advantage #3: it prevents upstreams from limiting consumers'
> internal address space. (will anyone need more than a /48, to be asked in
> 2018)

You can gen more /48, or use ULA.

>
> * NAT advantage #4: it requires new (and old) protocols to adhere to the
> ISO seven layer model.

This statement is a bullshit.

>
> * NAT advantage #5: it does not require replacement security measures to
> protect against netscans, portscans, broadcasts (particularly microsoft
> netbios), and other malicious inbound traffic.

Same, if your implement proper firewall filtering.

Best Regards,
 		Janos Mohacsi

Follow-Ups:
- v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space
  - From: marquis at roble.com (Roger Marquis)

References:
- v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space
  - From: marquis at roble.com (Roger Marquis)

Prev by Date: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space (IPv6-MW)]
Next by Date: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space (IPv6-MW)] (IPv6-MW)
Previous by thread: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space
Next by thread: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space
Index(es):
- Date
- Thread