RE: NATs as firewalls

2007-03-05 10:16:32

From: michael(_dot_)dillon(_at_)bt(_dot_)com 
[mailto:michael(_dot_)dillon(_at_)bt(_dot_)com] 

> IPv6 is also a technology refresh, i.e. it forces vendors to 
> reimplement their boxes. It forces people to buy new systems. 
> If the only thing that they get is a new protocol with wider 
> addresses, then they will see this as a generally negative 
> experience and wonder why people with more money couldn't 
> just buy IPv4 addresses from those with less. Let them eat NAT!

Quite, the bigger address space does not necessarily drive adoption in the way 
we would wish. Population pressure in Europe continued to bid up the value of 
land there even after the discovery of the New World. 

Even though there was no shortage of space in the New World (if you were 
prepared to push aside the indigenous population) it was three centuries before 
the infrastructure there made the land equally attractive.

> But, if there are clear guidelines for IPv6 gateways that 
> focus on enabling functionality then people will see a value 
> in upgrading. An explicit firewall service is a value. No NAT 
> thus enabling more peer-to-peer applications is a value. 
> There could be more to it as well.

You conflate an implementation with a requirement.

Enabling peer-to-peer applications, in particular video conferencing is the 
value. ANY means of enabling the benefit works.

The chief challenge however is how to open up the network to inbound TCP 
requests without creating a security melt-down. Eliminating NAT does not by 
itself eliminate the network issue. Once you start to look at ways of managing 
the network security issue the question of addresses becomes moot.

> For instance, if we accept the model that the majority of 
> Internet hosts will communicate with the core via stateful 
> gateways, then there is the possibility of a standard way for 
> an application to communicate with its local stateful gateway 
> in order to change the state, rather than implementing things 
> like STUN (Simple Traversal of UDP through NAT).
> That too, would be a value for the buyer of a standard 
> Internet gateway.

This is the model that I prefer. It allows me to meet a set of security 
objectives that is considerably more restrictive than anything on the market 
today yet also make use of video conferencing and other peer-to-peer 
configurations practical.

One of the keys here is to step back from administering hosts and instead look 
at ways to configure the network.
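The gateway-control model discussed above (an application asking its local stateful gateway to admit inbound connections explicitly, instead of probing for its mapping with STUN) can be sketched as a small policy-checked pinhole service. The code below is an added illustration and is not part of this thread, of any IETF specification, or of any shipping gateway; the request format, the `Gateway` class, the 2001:db8::/64 inside prefix, the lease cap and the port deny-list are all constructed for the example. It shows the defensive properties such a service needs so that opening inbound TCP does not become the "security melt-down" mentioned earlier: requests only honoured from inside, a host may only open holes for itself, leases expire, and everything else is denied by default.

```python
"""Toy application-to-gateway pinhole protocol (constructed example)."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class PinholeRequest:
    requester: str      # source address of the request (must be an inside host)
    internal_host: str  # host that should receive the inbound connections
    protocol: str       # "tcp" or "udp"
    internal_port: int
    lifetime: int       # seconds requested; 0 asks to remove the pinhole


@dataclass
class Pinhole:
    internal_host: str
    protocol: str
    internal_port: int
    expires_at: int     # absolute time in seconds


class Gateway:
    """Stateful gateway offering an explicit, policy-checked pinhole service."""

    MAX_LIFETIME = 3600                             # lease cap (constructed policy)
    DENIED_PORTS = frozenset({23, 135, 139, 445})   # constructed deny-list

    def __init__(self, inside_prefix: str) -> None:
        self.inside = ipaddress.ip_network(inside_prefix)
        self.pinholes: dict[tuple[str, str, int], Pinhole] = {}

    def request(self, req: PinholeRequest, now: int) -> tuple[bool, str, int]:
        """Handle one request; returns (granted, reason, granted_lifetime)."""
        try:
            requester = ipaddress.ip_address(req.requester)
            target = ipaddress.ip_address(req.internal_host)
        except ValueError:
            return False, "malformed address", 0
        if requester not in self.inside:
            return False, "request must originate inside", 0
        if requester != target:
            return False, "host may only open pinholes for itself", 0
        if req.protocol not in ("tcp", "udp"):
            return False, "unsupported protocol", 0
        if not 1 <= req.internal_port <= 65535 or req.internal_port in self.DENIED_PORTS:
            return False, "port not permitted by policy", 0
        key = (str(target), req.protocol, req.internal_port)
        if req.lifetime <= 0:
            # Lifetime 0 is an explicit close; the application owns its own hole.
            removed = self.pinholes.pop(key, None) is not None
            return removed, ("removed" if removed else "no such pinhole"), 0
        granted = min(req.lifetime, self.MAX_LIFETIME)
        self.pinholes[key] = Pinhole(str(target), req.protocol, req.internal_port, now + granted)
        return True, "granted", granted

    def expire(self, now: int) -> int:
        """Drop pinholes whose lease has run out; returns how many were removed."""
        stale = [k for k, p in self.pinholes.items() if p.expires_at <= now]
        for k in stale:
            del self.pinholes[k]
        return len(stale)

    def inbound_allowed(self, dst_host: str, protocol: str, dst_port: int, now: int) -> bool:
        """Default deny: inbound traffic passes only through a live pinhole."""
        self.expire(now)
        try:
            key = (str(ipaddress.ip_address(dst_host)), protocol, dst_port)
        except ValueError:
            return False
        return key in self.pinholes


if __name__ == "__main__":
    gw = Gateway("2001:db8::/64")
    print(gw.request(PinholeRequest("2001:db8::10", "2001:db8::10", "tcp", 5060, 7200), now=1000))
    print(gw.inbound_allowed("2001:db8::10", "tcp", 5060, now=2000))
    print(gw.inbound_allowed("2001:db8::10", "tcp", 5060, now=4600))
```

The design choice worth noting is that the application never learns or guesses an external mapping; it states what it wants to receive, and the gateway answers with what policy allows, including a shortened lease. That keeps the security decision in the network device the administrator configures, which is the point of the last paragraph above.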
