Dual-stacking hosts is a non-problem. For the majority of
deployed hosts, it is already done.
That depends on the definition you're using. Many hosts are
v6-capable, though I'd still debate whether it's the majority. Very,
very few of those hosts have working v6 connectivity because there's
some device(s) or provider(s) between the host and the DFZ that are
v4-only.
agreed, but you were talking about hosts.
It's humans and software, not hardware, that is generally the problem
getting v6 deployed.
agreed about humans - mindshare is the hardest thing to overcome. the
software/hardware question is a distinction without a significant
difference. if the products (you think) you need to secure your
network aren't shipping, it doesn't matter much whether what you need is
new hardware or a software upgrade. often, that's just a matter of
packaging.
On the other hand, adapting existing security policies, traffic
filters, network intrusion detection systems, explicit and
interception proxies is much harder. In some cases the
products or upgrades don't even exist for IPv6, and when they
do, they're not mature.
So put the NAT-PT device on the outside of those security boxes.
and then you end up with a crippled network that will impair a lot of
the functionality you would have gained by using IPv6, and one which
pollutes DNS besides.
There's a lot of focus on NAT-PT for v6 sites to access remote v4-only
sites; I'm focusing on the case of v4-only sites using NAT-PT to
access remote v6-only sites.
that's certainly an important case, but there are better ways than
NAT-PT for v6-only sites to provide services to v4-only users.
There are basically two incentives to support IPv6: one is
more addresses, the other is a better behaved network that
is capable of supporting a wider range of applications at
lower cost. If NAT-PT is widely deployed, the second
incentive is removed.
No, the second incentive remains. Fully deploying v6 is still a good
idea because it removes the problems inherent to NAT-PT, which I've
already acknowledged.
yes, but everyone else's NAT-PT boxes still keep you from getting most
of the benefit from your upgrade to full IPv6.
And, as Phillip says, it's a moot point because vendors are shipping
NAT-PT anyways.
BS. that's equivalent to the argument that because everyone else is
evil, we might as well be evil too.
IETF is useless if it doesn't try to describe what will work well in the
long term.
Keith
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf