Tuesday, July 22, 2008

NAT: Unjustly maligned or a soon-to-be anachronism?

I received my copy of Network World today (which has a free subscription if you're a sysadmin, and is worth the walk to the mailbox to pick it up), and one of the front-page headlines read "Slow move to IPv6 giving NAT a new life". Apparently I've missed a couple of things.

The first thing I mentally noted was that they expected IPv6 to be moving fast enough to be a widely used and generally standard technology. I guess from my sheltered position, it doesn't seem as impending to me. A brief survey of some associates of mine indicated a solid 0/10 where an internal IT worker (in many cases, network oriented) was aware of a plan to utilize IPv6. The companies included one of the nation's largest healthcare providers, one of the largest airlines in the world, and the 2nd largest telecommunications provider in a state, among several other SMBs. I'm going to go ahead and say IPv6 isn't something that needs to go in my calendar book yet, though I'm keeping an ear open for news of the development.

The second tidbit from that headline is that, apparently, Network Address Translation (NAT) needs a new life. As in, it's currently dead. Maybe it doesn't want to go on the cart.

Either way, and this might just be an old-fogey way of thinking, but I don't want my internal servers to be publicly addressable. Really. Not even a little bit. I don't care if they still have to go through a firewall and router. I like the fact that, due to my networking scheme, even a misconfigured firewall will prevent direct access to the internal machines through the use of NAT.

How about you? Is your organization looking at IPv6? Do you use NAT?

Read the article and let me know what your take on this is.