[VOIPSEC] IPv6 and the demise (or not) of NAT (was Re: Interactive Connectivity Establishment (ICE))
dan_york at Mitel.com
Mon Nov 14 10:26:21 GMT 2005
Goeff, (or the (many?) others who have opinions on this subject)

> Any solution to this problem is imperfect until we all migrate to IPv6
> where NAT is no longer necessary.

(Realizing that this is a long-standing and simmering debate that can
border on one of those "religious" issues - but still curious enough to
hear people's opinions... )

But how realistic do you see that being? As much as I agree that it would
solve problems that we are facing, I'm very skeptical that NAT will go
anytime soon primarily because:

1. Corporate enterprises are at this point wed to their RFC-1918 private
   networks and I just don't see them justifying the expenditure of time,
   money, effort to go through and completely re-do their IP numbering.
   I know of a good number of companies where there are lab environments,
   etc., that have static IP ranges and such, and so the renumbering would
   be a fairly massive undertaking.

2. Many (most?) IT security folks are strong believers in NAT as a
   form of security. I don't see them being terribly interested in giving
   up that tool from their toolbox.

3. NAT is widely deployed and available everywhere courtesy of the little
   home routers you buy at your local electronics store. It works and
   works fine for the vast majority of people. They aren't going to
   change because to them nothing is broken.

All of which isn't to say that we won't someday get to that
NAT-less Nirvana, but I don't personally see NAT going away for a
l... o... n... g... time. (And we are therefore going to need ICE and
friends to traverse NAT.)
Dan York, CISSP, Director of IP Technology, Office of the CTO
Mitel Corporation http://www.mitel.com/ dan_york at mitel.com
Ph: +1-613-592-2122 350 Legget Drive, Ottawa, ON, K2K 2W7 Canada
PGP key (F7E3C3B4) available for secure communication