Mailinglist Archive: opensuse (1837 mails)

< Previous Next >
Re: [opensuse] Moving to IPv6
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Fri, 10 Sep 2010 19:23:07 +0200
  • Message-id: <i6dphr$9fd$2@xxxxxxxxxxxxxxxx>
James Knott wrote:

Per Jessen wrote:
And_that_ is the crux of "NAT is broken in a number of ways"?
James, I guess it's matter of wording, but to me the above doesn't
mean broken, at worst it's a very slight disadvantage.

No, that's not all. As I mentioned, I have personally experienced NAT
address clash, when using my VPN from a hotel, because they used the
same address range as I did at home. When you do that, it becomes a
"you can't get there from here" situation, because when you try to
access a computer at the remoted end, your computer doesn't know it
has to route through the VPN.

I can't personally blame NAT for that - the range of RFC1918 address is
so vast that the risk of a clash is minimal - unless you choose to use
a commonly used range. My VPN runs on 10.221.78.0/22.

There has also been mention of certain protocols that break.

I'm sure there are some, although I haven't heard of nor had any hard
problems in that respect. Which, quite selfishly, makes me conclude
that there aren't any _real_ problems.

Now, you tell me, what's so great about NAT, when you have sufficient
addresses available to not require it? In that situation, it provides
absolutely no benefit at all.

Correct - I haven't thought it through, but I think if I had had an IPv6
range and affordable IPv6-capable hardware six years ago when I was
setting up my datacentre and office, I would never even had considered
NAT. However, I had neither, nor did my external suppliers, and the
cost of IPv4 address for plain office use was just not justifiable.

All I'm saying is - don't start using NAT tomorrow if you aren't
already, but if you're using it today, do carry on using it tomorrow
too.


--
Per Jessen, Zürich (18.1°C)

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
This Thread