[rrg] The case for NAT66

[Iljitsch van Beijnum]

Sorry for crossposting, but I think this is relevant both for BEHAVE  
(NAT people) and RRG (routing people). Please prune the to/cc in your  
replies as appropriate.

We've had some discussions about NAT66 on the BEHAVE list which were  
mostly the traditional issues: people will implement it regardless, if  
the IETF produces a spec at least we can avoid more brokenness than  
necessery, etc.

These are all relevant arguments. But there is a reason why NAT66 may  
be useful that goes beyond all of that. In 1996 Mike O'Dell came up  
with an idea named 8+8 and later GSE where the top 64 bits of the IPv4  
address are used for routing and the bottom for identification. This  
is problematic for a number of reasons, but one aspect of this idea is  
very promising: routers get to rewrite the top 64 bits of addresses.

Currently, either routers ignore the addresses and then we have no  
accountability if a user with ISPs A and B sends a packet with an A  
address to B, or B blocks the packet and we have accountability but no  
connectivity. This is an issue that we didn't really manage to solve  
with shim6, which uses the "take addresses from all ISPs" model.  
Rewriting in routers would give us both connectivity AND  
accountability, as well as a hint for the return path.

With some extra logic, a proxy shim6 can be built on top of this  
rewriting capability that would make shim6 much more palatable to many  
end-users so it may reduce the demand for PI address space and  
therefore the pressure on the routing system.

So if we adopt NAT66 we will be giving up something (the idea that  
referrals can work easily) but at the same time we gain a lot of  
potential for the future. But only if we specify NAT66 such that it  
can apply to all transports and still allow incoming sessions. If we  
end up with an IPv4-style port overloading NAT66 we gain nothing and  
lose a lot.