
Re: the evilness of NAT-PT, was: chicago IETF IPv6 connectivity

2007-07-06 06:12:29

On Thu, 5 Jul 2007, Keith Moore wrote:

There are basically two types of applications/protocols: the simple
client/server ones (that work through NAT without changes) and
anything else that's more complex. In my opinion, it would be a huge
win to allow the former to work through some kind of IPv6-IPv4
translation because then all the hosts that only use these types of
applications don't need IPv4 anymore and life becomes simple for the
people who need to manage these hosts. 

that's the kind of thinking that polluted the IPv4 network with NATs. 
the problem is that those simple applications share the same hosts and
network that the other applications do.  if you put devices in the
network that only solve problems for the simple applications, then you
get a network that can only run simple applications.
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

At least, without tunneling/overlays. And that's exactly the kind of 
network we now have and will continue to have for the foreseeable 
future.  Moreover, I would claim that NAT is not even the biggest 
problem.

(I'm always perplexed by the semi-annual NAT wars on the IETF list 
because rarely are firewalls given comparable billing even though I 
suspect they cause far more problems for NOCs.  Certainly both they 
and NAT boxes cause silent, mysterious failures that cause users to 
think the network is broken.  Yet *lots* of people want their part of 
the network to be a gated community.)

We recently sent a team to Africa to better understand the 
connectivity challenges our researchers over there were facing.
Result?  We will soon be deploying our first-ever central VPN service 
on port 80/443 -- because those are the only ports you can count on.
In other words, we're going to deploy a VPN service not to *increase*
anyone's security, but to tunnel *around* other people's security 
measures.

The Internet-of-the-future is shaping up to be a collection of home 
and enterprise networks linked by port 443.  And I see no reason to 
believe that IPv6 is going to change that.

-teg

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf