ietf
[Top] [All Lists]

Re: myth of the great transition (was US Defense Department forma lly adopts IPv6)

2003-06-18 23:44:05

on 6/18/2003 10:44 PM Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:

Melinda Shore <mshore(_at_)cisco(_dot_)com> writes:

None of these things worked real well through firewalls either, which
is sort of my point.

If it doesn't work through a firewall, it's because the firewall is
doing what you ASKED it to do - block certain classes of connections.

If it doesn't work through a NAT, it's because the NAT is FAILING to do
what you asked it to do - allow transparent connections from boxes
behind the NAT.

Exactly. I can tell a firewall to get out of the way (stupid as that may
be in some cases) and the application protocols will function as designed
and expected. I cannot tell a NAT to do that, but instead must first
educate the vendor about the protocol that's being blocked, wait for them
to do their market research and/or prioritize the application among their
Great List of Applications They Have Broken, and then maybe one day get a
patch that actually spoofs the protocol well enough for it to work with a
middlebox in the way. There are some (very few) exceptions to the latter
routine, but that's the usual dance.

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/




<Prev in Thread] Current Thread [Next in Thread>