Mind you, I'm not saying that protocols should always use a UDP
shim layer. But I think the tradeoffs in favor of doing so are a bit
stronger than you seem to think.
This is my chance to act the naif for Valentine's Day, but ...
I agree that UDP shims improve your ability to get through a NAT in the
short term. However (and especially given Melinda pointing out that NATs
impede connectivity for technical reasons, but firewalls impede connectivity
for policy reasons), we need to recognize that this is an arms race.
You may have better NAT-traversal characteristics using a UDP shim, but as
soon as some firewall administrator says "gee, I wonder what's running over
that UDP 5-tuple - gosh, it might be dangerous", you're dead, either way. Is
there a firewall administrator's guide that DOESN'T say "deny all ports, and
then open up the ports you need to open"?
I've only encountered one hotel network that denied everything except HTTP,
but that has happened - and then we really are back to the land of
[RFC3205].
Thanks,
Spencer
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
http://www.ietf.org/mailman/listinfo/ietf