On 14 feb 2008, at 15:51, Christian Huitema wrote: > We don't see NAT on IPv6. However, we do see "statefull firewalls", > and they have the same practical effect. They block any conversation > if it was not originated "from inside the network", and for that > they look at TCP and UDP port numbers. In practice, I expect that > IPv6 applications will have to be designed to work over UDP & use an > IPv6 variation of STUN to "open the firewall". So, even with IPv6, > Jonathan's statement is likely to stand. Disagree. There is no reason why a stateful firewall would have an easier time tracking UDP state than any other non-TCP state when there is no address translation. _______________________________________________ Ietf@xxxxxxxx http://www.ietf.org/mailman/listinfo/ietf