Stewart Stremler wrote:
> Bad protocols. They should be fixed.  Easier to change protocols than
> infrastructure. (It's not like the concept of _ports_ was new, or proven
> useless. Sheesh.)

Not necessarily. Take VOIP for instance. It is *extremely* useful to
have signaling separate from voice data. Look at ISDN and SS7 in the
telco world. Out of band signaling is great for security, scalability,
and in most cases you will not be signaling with the same place that you
will end up sending your voice data to so you cannot do it all in the
same connection. How else are you going to use some out of band
signalling protocol (such as Session Initiation Protocol) to set up a
real-time protocol (such as Real Time Protocol) session between
a couple of other hosts without passing port and ip numbers? At some
point the two end points have to know how to get ahold of each other. I
imagine any solution you propose would be more complicated than just
getting rid of NAT and using default-deny firewalls.

I think SIP/RTP are very well designed protocols which we will be seeing
a lot more of in the near future. Currently people are getting around
the SIP/NAT thing by proxying all VOIP traffic. That is a nasty kludge
(such as is often inspired by NAT traversal solutions) which will not be
scalable, incurs a performance/call quality penalty, introduces more
points of failure, and throws away a great deal of the fle

> Obviously, the easy solution is to build NAT boxes that can be plumbed
> with multiple IPs, and then allow "forwarding" to be allowed on a 
> per-IP as well as a per-port basis.  (Presumably a soekris box could
> do this easily.)  Once this is "common functionality", the desktop
> NAT boxen can do this as well.

NAT boxes doing forwarding for multiple IPs? If you have multiple IPs
available why not just route those IPs to their respective machines, do
default deny, and have the problem solved cleanly?

> Of course, you're then up against the "not enough IPs" problem, so
> nothing's really been accomplished. So blaming NAT is just a red
> herring... the REAL whining is about how nobody wants to do IPv6.
> Aside from the IPv6 geeks. :)

Blaming NAT is definitely not a red herring for the breakage of VOIP and
other protocols caused by NAT since ipv6 is not yet even involved in
most networks. I'm hoping we do find some killer-app to make everyone
switch to ipv6. I am wondering if maybe the P2P networks will have the
answer. If people start trading their files (illicit or not) on an
ipv6-over-ipv4 tunneled network it will be harder for the ??AA
organizations to find them (they won't figure out how to set up ipv6 for
a while) and could drive adoption.

> (I can see an IPv6 world using a unique IP for every service, and every
> ethernet device being plumbed with all those IPs... and ports would then
> be ignored (probably assumed to be '80').  And this touted as a Good
> Thing.  I'd want to be convinced of this *before* I do anything to make
> this sort of madness fait accompli.)

I don't see what the advantage to that would be. Then you would have to
have a name in DNS for each of those IPs and remember all of the names
etc. If you can run multiple services on one box it would be easier to just

-- 
Tracy R Reed
http://copilotconsulting.com
1-877-MY-COPILOT
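The "port and ip numbers" the reply talks about travel in the SDP body of a SIP INVITE, and that is exactly what NAT breaks: the IP header gets rewritten but the payload does not. As an added example that is not part of the thread, here is a small parser for the SDP c= and m= lines plus a check that flags RTP endpoints the far end will not be able to reach. The SDP body is constructed and the function names are my own.

```python
import ipaddress

# Constructed SDP offer as carried in a SIP INVITE body (not a real capture).
# The c= and m= lines are where SIP hands the far side the IP and port for RTP.
SAMPLE_SDP = """v=0
o=alice 2890844526 2890844526 IN IP4 192.168.1.10
s=Call
c=IN IP4 192.168.1.10
t=0 0
m=audio 49170 RTP/AVP 0 8
a=rtpmap:0 PCMU/8000
m=video 51372 RTP/AVP 31
c=IN IP4 192.168.1.11
"""

# RFC 1918 space: what a NAT hides, and what a remote RTP sender cannot route to.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)


def parse_sdp_media(sdp):
    """Return [(media, ip, port), ...] for each m= line, honouring a media-level
    c= line that overrides the session-level one (RFC 4566). IPv4 unicast only."""
    session_ip = None
    media = []
    for raw in sdp.splitlines():
        line = raw.strip()
        if len(line) < 2 or line[1] != "=":
            continue
        key, value = line[0], line[2:]
        if key == "c":
            addr = value.split()[2]          # c=<nettype> <addrtype> <address>
            if media:
                media[-1][1] = addr          # media-level c= applies to the last m=
            else:
                session_ip = addr
        elif key == "m":
            fields = value.split()           # m=<media> <port> <proto> <fmt ...>
            media.append([fields[0], session_ip, int(fields[1])])
    return [tuple(m) for m in media]


def nat_breakage_findings(sdp, sip_source_ip):
    """Flag RTP endpoints the far end cannot reach: a private address in the
    payload, or an address that differs from the IP the SIP packet came from."""
    findings = []
    for kind, ip, port in parse_sdp_media(sdp):
        if is_rfc1918(ip):
            findings.append((kind, port, "private address %s in SDP" % ip))
        elif ip != sip_source_ip:
            findings.append((kind, port, "SDP %s != SIP source %s" % (ip, sip_source_ip)))
    return findings
```

A SIP proxy or firewall that sees findings like these for an inbound INVITE knows the resulting call will have one-way or no audio unless something rewrites the SDP or relays the media.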
