> ...and the only problem I have with the above is that the
> word MOST can be misleading. it's not as if most of the
> problems with NATs would go away if only all NATs were to
> suddenly support UPnP extensions to allow
> NAT traversal. that would certainly help, but significant
> brain-damage
> would remain. also, your "MOST" is based on how things are
> today, but the net seems to change fairly significantly every
> two years.

I believe that we need a more general protocol for hosts inside a site perimeter to communicate with the perimeter gateways and request services from them. UPnP is not that protocol.

In an IPv6 world there will still be site perimeter gateways which block incoming traffic, just like PAT/NAT does today. It would simplify life if hosts could register an interest with their site perimeter gateway so that when a packet of interest comes along, the gateway can either forward it, or notify the host that the packet will be queued for pickup. Presumably the notification and packet release will be done over distances less than a kilometer or two so that the turnaround time does not prevent TCP sockets from being opened.

This sort of general protocol still provides site protection. For instance the site administrators can choose which hosts to parley with. It could also be leveraged to provide some sort of host proxy services, i.e. my host tells the site perimeter to accept VoIP calls for me and forward those calls to host X when I'm not there. When I disconnect or shut down my host, keepalives no longer go to the gateway, and any incoming VoIP calls go to the designated "host proxy" which accepts the calls for me. Of course this "host proxy" is a fancy answering machine, or maybe it is a device which can shunt the call to my mobile phone.

Of course, before we can realistically define such a protocol, we need to define the role of a site perimeter gateway, probably with different levels of service corresponding to different site sizes and different administrative models.

Once the world was simple and there were hosts (computers), routers (special dedicated computers) and bridges. Now it is rather more complex with firewalls, load balancers, switch/routers and so on. Leaving aside the question of whether or not an IPv6 Internet site perimeter gateway needs to be in a single device or not, just what must it do, what might it do, and what will it not do?

--Michael Dillon
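
The gateway behaviour sketched in the message above, modelled as an added example that is not part of the original post and not a defined protocol: a default-deny perimeter gateway with an administrator allowlist, host interest registration, keepalives and fallback to a "host proxy". The class and method names, the 30-second timeout and the rule that a second host cannot take over an existing registration are assumptions.

```python
# Added illustration; every name and value here is hypothetical.
from dataclasses import dataclass
from typing import Optional

KEEPALIVE_TIMEOUT = 30.0  # seconds; constructed value


@dataclass
class Registration:
    host: str
    proxy: Optional[str]
    last_keepalive: float


class PerimeterGateway:
    """Default-deny gateway that admits inbound flows only on host request."""

    def __init__(self, allowed_hosts):
        # Site administrators choose which hosts the gateway will parley with.
        self.allowed_hosts = set(allowed_hosts)
        self.interests = {}  # (protocol, port) -> Registration

    def register(self, host, protocol, port, now, proxy=None):
        if host not in self.allowed_hosts:
            return False
        if proxy is not None and proxy not in self.allowed_hosts:
            return False
        held = self.interests.get((protocol, port))
        if held is not None and held.host != host:
            return False  # assumption: no takeover of another host's flow
        self.interests[(protocol, port)] = Registration(host, proxy, now)
        return True

    def keepalive(self, host, now):
        for reg in self.interests.values():
            if reg.host == host:
                reg.last_keepalive = now

    def route_inbound(self, protocol, port, now):
        """Return ("forward", host), ("proxy", host) or ("drop", None)."""
        reg = self.interests.get((protocol, port))
        if reg is None:
            return ("drop", None)  # nobody registered an interest
        if now - reg.last_keepalive <= KEEPALIVE_TIMEOUT:
            return ("forward", reg.host)
        if reg.proxy is not None:
            return ("proxy", reg.proxy)  # host is gone; the proxy answers
        return ("drop", None)
```
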