NATS in the IPv6 Belfry

By Roy Mark | Jul 29, 2004
http://www.enterprisenetworkingplanet.com/netsp/article.php/3387681/NATS-in-the-IPv6-Belfry.htm

WASHINGTON -- Cost-saving methods of conserving IP addresses and security precautions are potential stumbling blocks to the deployment of IPv6, which, ironically, is designed to provide a far greater number of addresses and better security than the current IPv4.

"There are things called network address translation (NAT) boxes, which are, in part, a side effect of not having enough IPv4 address space," Vint Cerf, MCI's vice president for technology strategy, told a Commerce Department conference on IPv6. "The NAT boxes...are a kind of architectural abomination, but they are there."

A NAT box is a hardware device often placed between a private network and the Internet to allow a large number of hosts on a private network to share a smaller number of globally routable, public IP addresses.

Because NATs are an effective way for many hosts to share a single public IPv4 address, they have proven to be a popular way to slow the consumption of IPv4 addresses and to reduce a company's payments to Internet service providers for address space.

NATs also add a measure of security by allowing network operators to block externally initiated contacts and to hide internal hosts.

According to the latest report from the IPv6 Task Force, IPv6 developers are concerned that NATs complicate the use and development of new end-to-end networking applications enabled by IPv6.

Without NATs, the report states, applications such as Voice over Internet Protocol (VoIP) and real-time videoconferencing could be implemented much more simply with a direct connection initiated to any host. The direct connection eliminates the need to establish additional protocols and procedures to traverse one or more NAT devices.

The report says many of the prospective benefits of IPv6 "appear to be predicated on the removal or modification of network address translation devices and other 'middle boxes' that affect direct communications between end-user devices via the Internet."

Dr. Michael Gallagher, the director of RTI International's Technology Economics Program, told the conference, "It is uncertain what the prevalence of middleware will be in a future IPv6 environment. There appears to be disagreement over the benefits and costs of NATs and other devices such as firewalls. If they exist now, what's the likelihood they will be removed from the system in the future?"

Gallagher added, "The concern is that if the benefits [of IPv6] are based on the assumption of the removal of most middleware, that becomes an issue for future development."

Even if the IP address issue is conquered by the implementation of IPv6, the additional security gains of NATs may keep them in the development mix.

"Networks that adopt IPv6 may therefore be reluctant to dispose of their NATs, even if address conservation is no longer a concern," the report states. "Although NATs may frustrate application designers and service providers, users and network administrators often realize economic and security-related benefits from using NATs in their networks."

Cerf said that when the Internet Architecture Board was debating the introduction of IPv6, it was suggested that NATs might serve as transitional devices from IPv4 to IPv6. "So it could be that some of these boxes some of us don't like very much may be the base stepping stone into IPv6," he said.

IPv4 has been in use for almost 30 years and, according to most experts, cannot support emerging requirements for address space, mobility and security in peer-to-peer networking.

The 32-bit address field in the IPv4 packet header provides about 4 billion unique Internet addresses, with a large portion of those addresses still unassigned. However, with the growing interest in "smart" appliances, entertainment products and other devices that connect directly to the Internet, the demand for IP addresses may overwhelm the remaining pool of IPv4 addresses.

The 128-bit address field in IPv6, according to the IPv6 Task Force, provides for trillions of addresses for each person now on earth.

"Although it is difficult to predict whether or when these developments may threaten the existing supply of IP addresses, the availability of virtually unlimited IPv6 addresses would enable Regional Internet Registries and Internet service providers to accommodate any sharp spike in demand," according to the report.

U.S. implementation of IPv6 is considered a critical step for the American technology industry since Europe and the Pacific Rim have been aggressively developing advanced services, particularly in the mobile computing sector, for the new protocol while interest in this country has lagged.

That changed last year when the Pentagon announced it would convert to IPv6 within the next three years. In support of the Pentagon's efforts, the IPv6 Task Force announced in October of 2003 the launch of North America's largest IPv6 pilot network.