On 14 feb 2008, at 15:51, Christian Huitema wrote:
We don't see NAT on IPv6. However, we do see "statefull firewalls",
and they have the same practical effect. They block any conversation
if it was not originated "from inside the network", and for that
they look at TCP and UDP port numbers. In practice, I expect that
IPv6 applications will have to be designed to work over UDP & use an
IPv6 variation of STUN to "open the firewall". So, even with IPv6,
Jonathan's statement is likely to stand.
Disagree. There is no reason why a stateful firewall would have an
easier time tracking UDP state than any other non-TCP state when there
is no address translation.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
http://www.ietf.org/mailman/listinfo/ietf