
RE: The myth of NAT traversal, was: Re: IPv4 to IPv6 transition

2007-07-13 14:43:36

...and the only problem I have with the above is that the word MOST
can be misleading.  it's not as if most of the problems with NATs
would go away if only all NATs were to suddenly support UPnP
extensions to allow NAT traversal.  that would certainly help, but
significant brain-damage would remain.  also, your "MOST" is based on
how things are today, but the net seems to change fairly significantly
every two years.

I believe that we need a more general protocol for hosts inside a site
perimeter to communicate with the perimeter gateways and request
services from them. UPnP is not that protocol. In an IPv6 world there
will still be site perimeter gateways which block incoming traffic, just
like PAT/NAT does today. It would simplify life if hosts could register
an interest with their site perimeter gateway so that when a packet of
interest comes along, the gateway can either forward it, or notify the
host that the packet will be queued for pickup. Presumably the
notification and packet release will be done over distances less than a
kilometer or two so that the turnaround time does not prevent TCP
sockets from being opened.

This sort of general protocol still provides site protection. For
instance the site administrators can choose which hosts to parley with.
It could also be leveraged to provide some sort of host proxy services,
i.e. my host tells the site perimeter to accept VoIP calls for me and
forward those calls to host X when I'm not there. When I disconnect or
shut down my host, keepalives no longer go to the gateway, and any
incoming VoIP calls go to the designated "host proxy" which accepts the
calls for me. Of course this "host proxy" is a fancy answering machine,
or maybe it is a device which can shunt the call to my mobile phone.

Of course, before we can realistically define such a protocol, we need
to define the role of a site perimeter gateway, probably with different
levels of service corresponding to different site sizes and different
administrative models.

Once the world was simple and there were hosts (computers), routers
(special dedicated computers) and bridges. Now it is rather more complex
with firewalls, load balancers, switch/routers and so on. Leaving aside
the question of whether or not an IPv6 Internet site perimeter gateway
needs to be in a single device or not, just what must it do, what might
it do, and what will it not do?

--Michael Dillon

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
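
An added sketch, not part of the original message, of the gateway decision logic the post describes: default-deny for inbound traffic, administrator-chosen hosts allowed to register an interest, and fallback to a designated "host proxy" once keepalives stop. The post defines no wire protocol, so the class and method names, the (protocol, port) form of an "interest", and the timeout value are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Registration:
    host: str                # inside host that registered the interest
    proxy: Optional[str]     # designated "host proxy", if any
    last_keepalive: float    # time of the most recent keepalive

class PerimeterGateway:
    """Hypothetical model: inbound traffic is dropped unless a permitted
    inside host has registered an interest in it."""

    def __init__(self, permitted_hosts, keepalive_timeout=30.0):
        self.permitted = set(permitted_hosts)  # hosts the admins will parley with
        self.timeout = keepalive_timeout
        self.table = {}                        # (proto, port) -> Registration

    def _alive(self, reg, now):
        return now - reg.last_keepalive <= self.timeout

    def register(self, host, proto, port, now, proxy=None):
        # Site policy first: unknown hosts and unknown proxies are refused.
        if host not in self.permitted:
            return False
        if proxy is not None and proxy not in self.permitted:
            return False
        # A live registration cannot be taken over by another host.
        current = self.table.get((proto, port))
        if current and current.host != host and self._alive(current, now):
            return False
        self.table[(proto, port)] = Registration(host, proxy, now)
        return True

    def keepalive(self, host, now):
        for reg in self.table.values():
            if reg.host == host:
                reg.last_keepalive = now

    def route_inbound(self, proto, port, now):
        reg = self.table.get((proto, port))
        if reg is None:
            return ("drop", None)              # nobody asked for this traffic
        if self._alive(reg, now):
            return ("forward", reg.host)
        if reg.proxy is not None:
            return ("forward", reg.proxy)      # host is gone, proxy answers
        return ("drop", None)
```
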