ietf
[Top] [All Lists]

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 22:54:34
On Wed, 18 Jun 2003 21:55:34 PDT, Michel Py said:

I'm sorry but it is nothing near being that simple. Although if it does
not work through a firewall, it MAYBE because the firewall does block a
class of traffic (more likely because someone forgot to punch the right
hole), there are _plenty_ of other reasons why it does not work through
a firewall, one of the top ones being asymmetric traffic when there is
more than one exit point and the firewall hard state not being
distributed.

OK, so firewalls can fail because they're misconfigured or mis-deployed.

Death of the Internet Predicted.  Film at 11.  This is hardly news. Stuff
doesn't work right if you mis-set your netmask, or your default route, or
your nameserver, or whatever...

The point I was making is that if an NNTP connection fails because the firewall
is *configured* to say 'None Shall Pass' (insert Monty Python .wav here ;)
then that is *proper* behavior.  If a VOIP connection fails because the NAT
is saying 'None Shall Pass', then that's *broken* behavior.

I checked RFC3027.  20 *pages* of things that either break horribly over a NAT,
or (as in the Activision example) say "We can hack this to work if we make
the permanent restriction that there has to be a server that's NOT behind a NAT
and clients have to contact it".  Sounds a lot like RFC3344, actually.

Great.  WHo would *EVER* have thought that the biggest market for IP Mobility
was to hack through NAT dain bramage?

Attachment: pgpHk3bctEilM.pgp
Description: PGP signature

<Prev in Thread] Current Thread [Next in Thread>