On Thu, 5 Jul 2007, Keith Moore wrote:
> > There are basically two types of applications/protocols: the simple
> > client/server ones (that work through NAT without changes) and
> > anything else that's more complex. In my opinion, it would be a huge
> > win to allow the former to work through some kind of IPv6-IPv4
> > translation because then all the hosts that only use these types of
> > applications don't need IPv4 anymore and life becomes simple for the
> > people who need to manage these hosts.
> that's the kind of thinking that polluted the IPv4 network with NATs.
> the problem is that those simple applications share the same hosts and
> network that the other applications do. if you put devices in the
> network that only solve problems for the simple applications, then you
> get a network that can only run simple applications.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
At least, without tunneling/overlays. And that's exactly the kind of
network we now have and will continue to have for the foreseeable
future. Moreover, I would claim that NAT is not even the biggest
problem.
(I'm always perplexed by the semi-annual NAT wars on the IETF list
because rarely are firewalls given comparable billing even though I
suspect they cause far more problems for NOCs. Certainly both they
and NAT boxes cause silent, mysterious failures that cause users to
think the network is broken. Yet *lots* of people want their part of
the network to be a gated community.)
We recently sent a team to Africa to better understand the
connectivity challenges our researchers over there were facing.
Result? We will soon be deploying our first-ever central VPN service
on port 80/443 -- because those are the only ports you can count on.
In other words, we're going to deploy a VPN service not to *increase*
anyone's security, but to tunnel *around* other people's security
measures.
The Internet-of-the-future is shaping up to be a collection of home
and enterprise networks linked by port 443. And I see no reason to
believe that IPv6 is going to change that.
-teg