> > >> Unfortunately the former are far too prevalent. It's undoubtedly too
> > >> late, but unfortunately it might have been better to do the
> > >> fragmentation within the UDP payload (i.e. inside DNS) somehow (c.f.
> > >> http://tools.ietf.org/html/rfc5405#section-3.2).
> > >
> > > It is *never* too late. For IPv6 we are still in the very
> > > early days.
> >
> > but, what about the 'vast install base' ?
>
> There isn't a "vast install base" of firewalls (border routers).
> If there was we would have 99% IPv6 traffic instead of 1.6% IPv6
> traffic.

I'm afraid I have to disagree. There is a significant installed base of border routers doing *stateless* firewall functions for various reasons. Some of these border routers already have IPv6 turned on, and many more of them *will* have IPv6 turned on in the near future.

Changes to IPv6 handling that require new software for these routers are certainly possible - you "only" need to sell such a change to the vendors. Changes that require hardware replacement (and therefore significant capex) are obviously much harder.

Steinar Haug, AS 2116
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
