Mailinglist Archive: opensuse (769 mails)

Re: [opensuse] DHCPv6-PD request
On 05/24/2016 08:16 PM, Anton Aylward wrote:
On 05/24/2016 07:07 PM, James Knott wrote:
On 05/24/2016 07:45 AM, Anton Aylward wrote:
NAT is a piece of ingenuity layered on what was originally a private
non-routable subnet that was really for "internal testing". Yes, a
distortion of intent but also a display of ingenuity on the part of
engineers and a gift to marketing. That it has delayed IPv6 is ....
yes, I'll grant you, an 'evil'.
It's a hack that breaks many things. It was created to extend the life
of IPv4, by getting around the address shortage.
Ahm, not quite.
NAT is an unintended consequence of RFC1918,
"Address Allocation for Private Internets"

To quote the original "Motivation":

With the proliferation of TCP/IP technology worldwide, including
outside the Internet itself, an increasing number of non-connected
enterprises use this technology and its addressing capabilities for
sole intra-enterprise communications, without any intention to ever
directly connect to other enterprises or the Internet itself.
The intent of the NAT was secondary and was originally concerned with
simplifying an exponential explosion of routing.

Please don't confuse private addresses with NAT. The idea of private
addresses existed long before NAT. A private address is just that, it
doesn't connect to anything. NAT then took advantage of those address
blocks. Private addresses are not the problem (there are some with IPv6
too), NAT is.

As it happened, route aggregation, so as to manage the size & complexity
of routing tables, was solved by other means.

Whether you have one address or a block of addresses, the routing is
much the same. Aggregation was necessary because no thought was given
to routing efficiency when the IPv4 address blocks were handed out. The
current trend of selling surplus IPv4 address blocks will only make this
worse. On the other hand, IPv6 addresses are handed out geographically,
so that all the addresses in one part of the world will have a common
route from another part.


The wholesale adoption by service providers might be termed an "emergent
property" rather than the original planned intent.

Your explanation of "why NAT is evil" is way, way too complicated.
You could simply say that it breaks the supposition of many protocols of
reciprocal point to point addressing.


Personally, I think that RFC1918 is poorly written and tries to say two,
perhaps three or more things at once without clearly differentiating
them. Its motivation and its conclusion are at odds with one another.


Your list of the things that NAT "breaks" is correct but for the mass of
users are irrelevant.
Funny you should mention that. I recently watched a video by someone on
Microsoft's XBOX team, talking about the problems NAT causes for games
and how the XBOX will always try to use IPv6, even if it has to set up a
tunnel to do so. It will only use IPv4 as a last resort.
Mike Palpinsky, in other writings as well as his RFCs, advocated point
to point IPv4 so as to avoid 'translators'. As far as the Ethernet LAN
is concerned, the IP protocol is less efficient than some of the LAN
protocols of history: Novell's, "Lantastic" and others. But they are LAN
protocols and not routable. Yes, gateways were written for some of
them, particularly for email. In many ways those gateways or protocol
translators served the same function as NAT, they hid an internal,
non-routable network from the Internet at large.

Ummm... Novell's IPX, not Lantastic, was routable, along with AppleTalk.


You see NAT as something that breaks the Internet, James, since it uses
non-routable addresses which, by definition, cannot permit host to host
addressing. Other people see it as the magic which allows their
private networks to make use of the Internet.

It allows their private networks to share one address and that's all it
does, in its favour.

Others here have advocated DHCP loudly. For Joe Sixpack, a NAT router
is the definitive configuration plug and play. All his LAN devices get
DHCP addresses and the router itself gets a DHCP address from the ISP.
The issues you raise, IPSEC and setting up a server behind the NAT with
port forwarding are not for the Joe Sixpack. Anyone doing that kind of
thing is more technically sophisticated.
All IPv6 devices can use SLAAC or DHCPv6. No configuration either way.
And anyway, every NAT firewall I have also has VPN capability.
Strange that .... eh?



Actual VPN support? Or just pass through?
