nanog mailing list archives
Re: NAT66 was Re: using "reserved" IPv6 space
From: Lee <ler762 () gmail com>
Date: Tue, 17 Jul 2012 03:33:13 -0400
On 7/16/12, Grant Ridder <shortdudey123 () gmail com> wrote:
If you are running an HA pair, why would you care which box it went back through?
You wouldn't. But if you've got an HA pair at site A and another HA pair at site B.. Lee
-Grant On Monday, July 16, 2012, Mark Andrews wrote:In message <CAD8GWsswFwnPKTfxt= squUmZofs3_-yriHY8o4Gt3W9+x6fVUQ () mail gmail com <javascript:;>>, Lee writes:On 7/16/12, Owen DeLong <owen () delong com <javascript:;>> wrote:Why would you want NAT66? ICK!!! One of the best benefits of IPv6 isbeingable to eliminate NAT. NAT was a necessary evil for IPv4 address conservation. It has no good use in IPv6.NAT is good for getting the return traffic to the right firewall. How else do you deal with multiple firewalls & asymmetric routing?Traffic goes where the routing protocols direct it. NAT doesn't help this and may actually hinder as the source address cannot be used internally to direct traffic to the correct egress point. Instead you need internal routers that have to try to track traffic flows rather than making simple decisions based on source and destination addresess. Applications that use multiple connections may not always end up with consistent external source addresses.Yes, it's possible to get traffic back to the right place without NAT. But is it as easy as just NATing the outbound traffic at the firewall?It can be and it can be easier to debug without NAT mangling addresses. The only thing helpful NAT66 does is delay the externally visible source address selection until the packet passes the NAT66 box. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org<javascript:;>
Current thread:
- NAT66 was Re: using "reserved" IPv6 space Lee (Jul 16)
- Re: NAT66 was Re: using "reserved" IPv6 space Mark Andrews (Jul 16)
- Re: NAT66 was Re: using "reserved" IPv6 space Grant Ridder (Jul 16)
- Re: NAT66 was Re: using "reserved" IPv6 space Mark Andrews (Jul 16)
- Re: NAT66 was Re: using "reserved" IPv6 space Owen DeLong (Jul 16)
- Re: NAT66 was Re: using "reserved" IPv6 space valdis . kletnieks (Jul 16)
- Re: NAT66 was Re: using "reserved" IPv6 space Owen DeLong (Jul 16)
- Re: NAT66 was Re: using "reserved" IPv6 space Grant Ridder (Jul 16)
- Re: NAT66 was Re: using "reserved" IPv6 space Seth Mos (Jul 16)
- Re: NAT66 was Re: using "reserved" IPv6 space Lee (Jul 17)
- Re: NAT66 was Re: using "reserved" IPv6 space Mark Andrews (Jul 16)
- Re: NAT66 was Re: using "reserved" IPv6 space Lee (Jul 17)