Re: the evilness of NAT-PT, was: chicago IETF IPv6 connectivity

On Thu, 5 Jul 2007, Keith Moore wrote:

> > There are basically two types of applications/protocols: the simple
> > client/server ones (that work through NAT without changes) and
> > anything else that's more complex. In my opinion, it would be a huge
> > win to allow the former to work through some kind of IPv6-IPv4
> > translation because then all the hosts that only use these types of
> > applications don't need IPv4 anymore and life becomes simple for the
> > people who need to manage these hosts. 

> that's the kind of thinking that polluted the IPv4 network with NATs. 
> the problem is that those simple applications share the same hosts and
> network that the other applications do.  if you put devices in the
> network that only solve problems for the simple applications, then you
> get a network that can only run simple applications.
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

At least, without tunneling/overlays. And that's exactly the kind of 
network we now have and will continue to have for the foreseeable 
future.  Moreover, I would claim that NAT is not even the biggest 
problem.

(I'm always perplexed by the semi-annual NAT wars on the IETF list 
because rarely are firewalls given comparable billing even though I 
suspect they cause far more problems for NOCs.  Certainly both they 
and NAT boxes cause silent, mysterious failures that cause users to 
think the network is broken.  Yet *lots* of people want their part of 
the network to be a gated community.)

We recently sent a team to Africa to better understand the 
connectivity challenges our researchers over there were facing.
Result?  We will soon be deploying our first-ever central VPN service 
on port 80/443 --because those are the only ports you can count on.
In other words, we're going to deploy a VPN service not to *increase*
anyone's security, but to tunnel *around* other people's security 
measures.

The Internet-of-the-future is shaping up to be a collection of home 
and enterprise networks linked by port 443.  And I see no reason to 
believe that IPv6 is going to change that.

-teg

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf