Most of the NAT boxes allow you to use IPv6. There are several protocols that
The simpler one
----- Original Message -----
From: "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>
To: "'Jeroen Massar'" <jeroen(_at_)unfix(_dot_)org>; "Hallam-Baker, Phillip"
Cc: <ietf-mxcomp(_at_)imc(_dot_)org>; <ietf(_at_)ietf(_dot_)org>
Sent: Thursday, March 04, 2004 10:44 AM
Subject: RE: MBONE access?
Equally flawed and useless are the H.323 protocols that do not
tunnel through NAT or even work with a firewall in a remotely
NAT is the big bad dog here, that is what breaks the
end to end connectivity. <restart NAT war />
In case you had not noticed there are now tens of millions of NAT
devices in use. End users are not going to pay $10 per month for
an extra IP address when they can connect unlimited numbers of
devices to the net using a $40 NAT box.
The NAT war has been over for years, NAT won. The problem is that
the IETF still has not come to terms with that fact.
The Internet was designed to be a network of networks. The core
architecture is NOT end-to-end, that is a political shibboleth that
has been imposed later.
The features of the Internet that work are the ones that work within
the end-to-end model. The features that are failures are the ones
where the end-to-end model is bogus.
The security world has long since realised that exclusive reliance
on end-to-end security is bogus. I don't know of any serious security
professionals who now claim that firewalls are bogus or that they
will go away as the myth has it. Perimeter security is here to stay.
In the case of H323 the problem is not just NAT, it is the deranged
protocol which uses a block of 3000-odd TCP/IP ports to receive
messages on. There is no way that this is consistent with good
firewall management - unless you go to some pretty sophisticated
additional control to open up and shut down the ports as required.
As for IPv6, the only feasible way to deploy it is by co-opting those