Comment by 7bit
2 hours ago
You said it yourself. NAT was introduced to solve the address space issue. At that point firewalls were already a thing.
You also acknowledged correctly that IPv6 will not run into the same address space limitations.
You said NAT is not a good thing security-wise. Then you follow up with the question of why we shouldn't add that to IPv6 as a security feature. It's hard to understand the train of thought.
So let me answer this. While NAT incidentally does something similar to a firewall, it is not a security feature. NAT must track any outgoing network connection in order to understand where to route incoming packets. If a packet is not a reply to an established connection, it is dropped. Otherwise the NAT must look up who opened the connection. A NAT can only work if stateful.
In a routable connection, ALL of that can be based on the static routing table.
Imagine a university with 10,000 computers, all of them having opened maybe 100 concurrent connections. The NAT must track every single connection and do a lookup for every packet.
In a routable network, it just looks up the destination IP in the packet and sends it to the next hop for the destination IP.
All while hopefully a firewall is in front of it.
So why would you want to reintroduce NAT to IPv6, when both issues are efficiently solved already?
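The contrast the comment draws, a stateful NAT that must keep one table entry per connection versus a router that only needs a prefix lookup on the destination address, is easy to see in code. The following is an added illustration, not code posted by 7bit or anything from the Hacker News thread. The addresses (10.0.0.0/16 for the campus hosts, 198.51.100.1 as the NAT's public address, 2001:db8:1::/48 for the IPv6 campus prefix) and the next-hop names are assumptions chosen for the example; `simulate_campus` reproduces the comment's "hosts times connections" arithmetic at a smaller scale so it runs quickly.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class StatefulNAT:
    """Source NAT: rewrites outbound packets to one public address and keeps a
    per-connection mapping so that replies can be sent back to the right host.
    Every packet, in either direction, costs a table lookup."""

    def __init__(self, public_ip, first_port=20000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (src, sport, dst, dport) -> allocated public port
        self.back = {}  # (public port, remote ip, remote port) -> (src, sport)

    def outbound(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        port = self.out.get(key)
        if port is None:
            # New connection: allocate a public port and record the mapping.
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[(port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.public_ip, port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Translate a reply back to the internal host. Returns None when no
        mapping exists, i.e. the packet is not a reply to an established
        connection and is dropped as a side effect of the translation."""
        mapping = self.back.get((pkt.dport, pkt.src, pkt.sport))
        if mapping is None:
            return None
        src, sport = mapping
        return Packet(pkt.src, pkt.sport, src, sport)

    def state_entries(self):
        return len(self.out)


class StatelessRouter:
    """Routable network: forwarding needs only the destination address and a
    static routing table; no per-connection state is kept."""

    def __init__(self, routes):
        # Longest prefix first so the first match wins.
        self.routes = sorted(
            ((ipaddress.ip_network(prefix), next_hop) for prefix, next_hop in routes),
            key=lambda r: r[0].prefixlen, reverse=True)

    def next_hop(self, pkt):
        dst = ipaddress.ip_address(pkt.dst)
        for net, next_hop in self.routes:
            if dst in net:
                return next_hop
        return None

    def state_entries(self):
        return len(self.routes)


def simulate_campus(n_hosts, conns_per_host):
    """Open conns_per_host connections from each of n_hosts internal hosts
    through a NAT and return the size of the NAT's connection table.
    With the comment's 10,000 hosts x 100 connections this is 1,000,000."""
    hosts = ipaddress.ip_network("10.0.0.0/16")   # assumed internal range
    nat = StatefulNAT("198.51.100.1")             # assumed public address
    for i in range(n_hosts):
        src = str(hosts[i + 1])
        for j in range(conns_per_host):
            nat.outbound(Packet(src, 1024 + j, "203.0.113.10", 443))
    return nat.state_entries()


if __name__ == "__main__":
    nat = StatefulNAT("198.51.100.1")
    out = nat.outbound(Packet("10.0.0.5", 40000, "203.0.113.10", 443))
    reply = Packet("203.0.113.10", 443, "198.51.100.1", out.sport)
    print("reply translated to", nat.inbound(reply))
    print("unsolicited inbound ->", nat.inbound(Packet("203.0.113.10", 443, "198.51.100.1", 30000)))
    print("NAT entries for 1,000 hosts x 100 conns:", simulate_campus(1000, 100))
    router = StatelessRouter([("2001:db8:1::/48", "campus-core"), ("::/0", "upstream")])
    print("router entries:", router.state_entries())
    print("next hop:", router.next_hop(Packet("2001:db8:1::10", 5000, "2001:db8:1::20", 80)))
```

The design point is that the router's table size is set by the number of prefixes, not by traffic, while the NAT's table grows with every open connection and has to be consulted for every packet in both directions. The "drop unsolicited inbound" behaviour falls out of the NAT having no mapping, which is why it looks like a firewall without being one.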