IETF: No consensus on IPv6 NATs

Corporate IT execs demand network address translators that standards body hates.
By Carolyn Duffy Marsan, Network World, 03/27/2009

SAN FRANCISCO – The Internet's leading standards body appears split on a controversial proposal to specify network address translators (NAT) for IPv6, the next-generation Internet Protocol that was designed to eliminate such middle boxes from the Internet infrastructure.

At a meeting held here Thursday, IETF participants said corporate network managers are demanding NAT devices for IPv6 in order to preserve private IP addressing plans and to conceal their network topologies. Most enterprises don’t want to adopt the global, end-to-end IP addressing model of IPv6, experts said.

Enterprises run NATs because they want IP address independence from their carriers, says Margaret Wasserman, product development manager with Sandstorm Enterprises and co-author of an IPv6 NAT proposal dubbed NAT66.

"The private IP addresses used inside the local network don’t need to be re-numbered when a site changes ISPs…or if there’s a merger or acquisition," Wasserman says. "Even if they have their own private address space, they don’t want to convince an ISP or pay an ISP to route it, which can be expensive and complicated."

The quandary for the IETF is that most of its participants believe NATs are bad for the Internet. So the group needs to decide whether to stick to its principles and refuse to specify IPv6 NATs, in which case vendors will build them anyway without interoperability standards. Or the IETF can specify IPv6 NATs and try to minimize the damage they cause to the Internet infrastructure.

At a session called 6ai, for IPv6 Address Independence, IETF participants discussed the pros and cons of specifying IPv6 NATs in an exchange that session co-chair Bob Hinden described as "the lesser of two evils."

NATs are used by enterprises, small businesses and home users because there aren’t enough IP addresses to give one to each device connected to the Internet. NATs allow multiple computers to share a single public IP address.

NATs proliferated because the current version of the Internet Protocol, known as IPv4, uses 32-bit addresses and can support only 4.3 billion individually addressed devices on the Internet. IPv4 address space has been scarce for years and is expected to run out in 2012. 

The IETF created IPv6 as an upgrade to IPv4 that would fix the problem of limited IP address space and eliminate the need for NATs. IPv6 uses 128-bit addresses and can support so many devices that only a mathematical expression – 2 to the 128th power – can describe its size.

Only a handful of U.S. organizations have adopted IPv6, including the federal government and Google.

The IETF’s 6ai discussion occurred the same week that the group is scrambling to develop several other tools needed to make the transition from IPv4 to IPv6.

The problem for the IETF is that many enterprises say they won't deploy IPv6 without a NAT solution. That's why Wasserman and others have proposed that the IETF specify IPv6 NATs that meet enterprise customer needs even though they aren’t fans of NATs, because NATs add layers of complexity and operational cost to the Internet.


Comments (4)

Going to happen
By Anonymous on March 27, 2009, 11:05 pm
Too many IETF members represent universities. In the real world of business and hackers, exposing MAC addresses and network topology will not work. NAT will happen,...

i don't want to have to pay per ip address
By Anonymous on April 9, 2009, 10:36 pm
First, I seriously doubt the above comment. End-to-end makes security much easier, and makes configuring networks much more simple. Most companies/universities...

Should NAT be in an IPv6 Network?
By Nghiep (Dan) Luu on April 15, 2009, 9:36 am
Should NAT be in an IPv6 Network? Impact of NAT IPv6 can provide (a) global reachability, (b) the true plug-and-play capability, (c) mobility service, ...

most people will just buy what is given to them
By Anon on April 15, 2009, 2:57 pm
Most corp. networks today buy whatever their firewall vendors say to buy. If the firewall vendors say to buy NATs they buy NATs. If the firewall vendors say to...
