On 23/10/19 10:41, Carlos Morgado wrote: > >> On 23 Oct 2019, at 14:26, Fernando Gont <[email protected]> wrote: >> >> On 5/10/19 13:18, Gert Doering wrote: >> [....] >>> >>> With the way the Internet is evolving today, IPv4+NAT might just be good >>> enough anyway. End users want lots of TV channels, the big content >>> networks are providing. Everything (including DNS) is done over HTTPS >>> today, which is very NAT friendly. CGN in the eyeball ISP world can >>> easily achieve 10:1 or 50:1 IPv4 oversubscription, and with that, we >>> have enough IPv4 for ever... >>> >>> Well, yes, end-to-end communication will be lost forever. But since >>> the "EVERYONE MUST HAVE A FIREWALL!" crowd broke that for the normal >>> household anyway, it's lost anyway. >> >> It's worse than that: Most IPv4 CPE devices have UPnP support, but IPv6 >> ones often lack the hooks to punch holes into the fw. SO at the end of >> the day you get better end-to-end connectivity with IPv4 than with IPv6. >> >> e.g., see: >> https://searchnetworking.techtarget.com/tip/Ensuring-P2P-apps-dont-cause-network-performance-issues-with-IPv6 >> > > Isn’t this a we broke the network so we must further break the network > scenario ?
? > If you remove PAT a lot of the UPnP needs go away and can be replaced by a > mix of straightforward fw rules and stateful peeking like PAT residential > CPEs do already. At the end of the day, there's not much of a difference. In the IPv4 world you map external ports to internal ports. And in the IPv6 world you need to punch holes into the firewall, even when the port is not translated. > Going forward there’s nothing really stoping UPnP being implemented over IPv6 > anyway is there ? There isn't, indeed. But in many cases support is simply not there. Thanks, -- Fernando Gont SI6 Networks e-mail: [email protected] PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
