Much-maligned feature being added to IPv6

In a high-tech twist of irony, the Internet engineering community is adding a feature to IPv6 that the upgrade to the Internet's main communications protocol was supposed to eliminate.

One of the design goals for IPv6 was that it would rid the Internet of network address translation (NAT), gateways that match increasingly scarce public IPv4 addresses with private IPv4 addresses used inside corporations, government agencies and other organizations. 

NAT is deployed in routers, servers and firewalls, and it adds complexity and cost to enterprise networks. Internet purists hate NATs because they break the end-to-end nature of the Internet; this is the idea that any end user can communicate directly to another end user over the Internet without middle boxes altering their packets.

But because it has taken so long to migrate the Internet from IPv4 to IPv6 -- IPv6 is 10 years old and not yet widely deployed -- and because IPv4 addresses are running out faster than Internet users are able to roll out the preferred method of IPv4-to-IPv6 transition known as dual-stack operation, the Internet engineering community has come to the conclusion that it must create special NAT devices to translate between IPv4-only and IPv6-only hosts.

"When the chips are down, NATs may be the only way we are going to get IPv6 added to the Internet," says Fred Baker, a Cisco Fellow who was chair of the IETF when IPv6 was designed. "If we have IPv4-only and IPv6-only networks, both of which we have now, NATs are the only way they will connect."

Click to see: IPv6 NAT proposals

The Internet's leading standards body, the Internet Engineering Task Force, will discuss the issue of NATs for IPv6 at a meeting in Dublin, Ireland, later this month.

IETF Chair Russ Housley says NATs are "necessary for a smooth transition from IPv4 to IPv6." 

Housley says most IETF participants are resigned to the fact that NATs are required to translate between IPv4 and IPv6 until all of the Internet's hosts and routers support IPv6.

"The engineers and computer scientists that make up the IETF wish that the original plan had come to pass. But, of course, it didn't," Housley says. "Given the current situation, the IETF participants are seeking a pragmatic solution, and there is rough consensus that this is the best way forward."

Housley says the IETF needs to have a NAT-for-IPv6 specification ready for deployment in the next year or two. But he's holding out hope that someday NATs will be eliminated from the Internet.

"The desire is for these NAT devices to be needed only during the transition period," Housley says. "That transition will certainly not be quick, but when it is over, the need for NAT should go away."

Baker, who chairs the IETF's IPv6 Operations working group, which  has been leading the effort to develop NATs for IPv6, says it has been an "amusing debate" within the IETF. That's because there is a group of people who hate NATs and another group of people who work for companies that make money selling NATs, and sometimes people from both groups work for the same company.