The Internet’s leading standards body appears split on a controversial proposal to specify network address translators (NAT) for IPv6, the next-generation Internet Protocol that was designed to eliminate such middle boxes from the Internet infrastructure.
At a recent meeting held in San Francisco, IETF participants said corporate network managers are demanding NAT devices for IPv6 in order to preserve private IP addressing plans and to conceal their network topologies. Most enterprises don’t want to adopt the global, end-to-end IP addressing model of IPv6, experts said.
Enterprises run NATs because they want IP address independence from their carriers, says Margaret Wasserman, product development manager with Sandstorm Enterprises and co-author of an IPv6 NAT proposal dubbed NAT66.
“The private IP addresses used inside the local network don’t need to be re-numbered when a site changes ISPs…or if there’s a merger or acquisition,” Wasserman says. “Even if they have their own private address space, they don’t want to convince an ISP or pay an ISP to route it, which can be expensive and complicated.”
The quandary for the IETF is that most of its participants believe NATs are bad for the Internet. So the group needs to decide whether to stick to its principles and refuse to specify IPv6 NATs, in which case vendors will build them anyway without interoperability standards. Or the IETF can specify IPv6 NATs and try to minimize the damage they cause to the Internet infrastructure.
At a session called 6ai (for IPv6 Address Independence), IETF participants discussed the pros and cons of specifying IPv6 NATs in an exchange that session co-chair Bob Hinden described as “the lesser of two evils.”
NATs are used by enterprises, small businesses and home users because there aren’t enough IP addresses to give one to each device connected to the Internet. NATs allow multiple computers to share a single public IP address.
NATs proliferated because the current version of the Internet Protocol, known as IPv4, uses 32-bit addresses and can support only 4.3 billion individually addressed devices on the Internet. IPv4 address space has been scarce for years and is expected to run out in 2012.
The IETF created IPv6 as an upgrade to IPv4 that would fix the problem of limited IP address space and eliminate the need for NATs. IPv6 uses 128-bit addresses and can support so many devices that only a mathematical expression — 2 to the 128th power — can describe its size.
Only a handful of U.S. organizations have adopted IPv6, including the federal government and Google.
The IETF’s 6ai discussion occurred the same week that the group was scrambling to develop several other tools needed to make the transition from IPv4 to IPv6. The problem for the IETF is that many enterprises say they won’t deploy IPv6 without a NAT solution. That’s why Wasserman and others have proposed that the IETF specify IPv6 NATs that meet enterprise customer needs even though they aren’t fans of NATs.
“There will be IPv6 NATs, and there isn’t anything the IETF can do to stop it,” Wasserman says. “Therefore, we have two choices, and I don’t like either of these choices. We can refuse to document IPv6 NATs because it’s icky, and what will happen is that some vendors will produce IPv6 NATs and they will get propagated and interoperability issues will come up…. Or we can document IPv6 NATs and try to promote consistency in how they work.”
Long-time IETF participants are lining up on both sides of the IPv6 NAT debate.
The IETF’s Chair Russ Housley said last year that NATs are necessary for the transition to IPv6.
“We need to produce the simplest, quickest form of NAT66 and get it out there in six months,” said Brian Carpenter, a former IETF chair who is a professor in the Department of Computer Science at the University of Auckland. Carpenter says it’s critical that the IETF avoid the interoperability problems created by IPv4 NATs, which proliferated without the group’s input.
Others argue that IPv6 NATs shouldn’t be standardized. Tony Hain, Senior Technical Leader for IPv6 Technologies with Cisco, said IPv6 NATs will increase the Internet’s complexity and should be pursued only in experimental mode.
Representatives of the Internet Architecture Board, a sister organization to the IETF, said that if the IETF is going to specify IPv6 NATs, it needs to figure out a way to retain the end-to-end transparency of IPv6.
“The argument for end-to-end transparency doesn’t automatically rule out any of the three classes of proposed IPv6 NATs,” said Dave Thaler, a member of the IAB and a software architect at Microsoft. Thaler said it is critical that source and destination addresses used by other protocols and applications stay intact if a packet runs through an IPv6 NAT.
The IETF is expected to make a decision about chartering the 6ai working group in the next few months.