On 01/16/2011 02:24 PM, Fred Goldstein wrote:
> If there really does turn out to be *meaningful* content that can
> *only* be reached via v6, then gateways will exist. One form or other
> of a 4-to-6-NAT. Name-based services will help; using an IP address
> in the application layer is a capital-M Mistake in the current stack.
So NAT is the answer to everything? SIGH. I can see that attempting to
discuss this further with you will be fruitless and a waste of time.
> No, I didn't say customers should worry about it.
Ummm, from YOUR message:
"If one of your subscribers really needs to reach something only
accessible via IPv6, they can tunnel out."
Maybe I didn't interpret this correctly? Sounds to me that you DID say
that.
> Since space is a non-problem, why spend so much to fix it?
You are the only one with the opinion that available space is a
"non-problem".
> Use the space more efficiently. It's much cheaper and for that
> matter more secure.
I'll not even attempt to have this "NAT is secure" argument with you. I
know the truth and it will do little good to try to convince you.
Efficiency aside (that is, after all the REAL purpose of NAT), there is
no good reason to NAT. IPv6, even with all the inherent issues, WILL
address the lack of space. Additionally, it is child's play to create
an SPI firewall that mimics the "security" of NAT, even with public space.
> Let the market re-allocate existing v4 blocks. That has to happen
> anyway, *because* the transition requires dual-stack, probably for
> 10-20 years. (And by then I hope to have succeeded in getting an
> alternative available and accepted. I am working on it.)
So your beef isn't Cisco, it's the fact that your preferred protocol
"lost"? I knew that all along, but was waiting for you to say it
outright. FWIW, I agree that TUBA was a MUCH better approach, but that
isn't the world we live in. Also, even if the "market reallocates"
existing space, we will not last 10+ years with the current growth
rates. This is an argument that you have not won for the past 10 years,
why would you expect us to bury our heads in the sand ("ignore it and it
will go away") with some confidence that you will win in the next 10 years?
> Yes, in one sense. Because anyone who wants their content to be
> available to the general public *will* make it available in v4. But
> gateways will also exist, so a v4 user will be able to reach most
> v6-only content, if there's demand.
And what about the reality that space IS limited (even if every unused
IP block were returned, we'd only have a year or so at the MOST)?
> One of the *problems* in the current model is the inability to make
> networks *not* available to everyone. Think about that... host-based
> security isn't perfect. Power infrastructure, security, corporate
> data, etc. V6 doesn't really fix this. We will still need firewalls,
> which relay applications. NAT is your friend.
NAT is not a security model. Sorry, but that's just fact. Even if you
say it 10 times, it will STILL be fact. You can try 100 times, but I
doubt it will change just because you say it. Good try, but not a valid
argument. Proper security measures are still going to be needed
(whether there is v4 or v6 with or without NAT). I understand the
security implications, but NAT won't fix those under any circumstance.
> Huh? If everyone ignored it, then it would go the way of GOSIP. End
> users are tending to ignore it; it's the vendor community, and some
> ISPs, who are all atwitter about it.
This is just ridiculous. Sure, if everyone ignored it, it WOULD go
away. The problem is that the RIRs are right now handing out IP space
from the v6 pool. It isn't being ignored. So, where does that leave
you? Perhaps you can bury your head, but those of us in the real world
should continue planning to transition our networks, since the world
around us will be doing the same thing.
--
********************************************************************
* Butch Evans * Professional Network Consultation*
* http://www.butchevans.com/ * Network Engineering *
* http://store.wispgear.net/ * Wired or Wireless Networks *
* http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE! *
********************************************************************
--------------------------------------------------------------------------------
WISPA Wants You! Join today!
http://signup.wispa.org/
--------------------------------------------------------------------------------
WISPA Wireless List: [email protected]
Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
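The stateful-inspection point raised in the reply above (that an SPI firewall on public addresses blocks the same unsolicited inbound traffic that a NAT blocks, without translating anything) as an added illustration; this is not code from the list or from either poster. It models both devices over the same three events and shows they reach the same allow/drop decisions. All addresses, ports and the NAT's starting mapped port (40000) are constructed for the example, and neither model ages out its state the way real connection tracking does.

```python
"""Added example: why a stateful (SPI) firewall on public address space
gives the same unsolicited-inbound blocking as a NAT gateway.
All addresses and ports below are constructed for the illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class SpiFirewall:
    """Stateful filter on public (here IPv6) space: default-deny inbound,
    allow inbound only when it answers a flow opened from inside."""

    def __init__(self, inside):
        self.inside = inside          # prefix of the protected hosts
        self.state = set()            # (in_addr, in_port, remote, rport); no expiry

    def filter(self, pkt):
        if ip_address(pkt.src) in self.inside:
            # Outbound traffic creates state for the reverse direction.
            self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # Inbound: allowed only if it matches an existing flow.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state:
            return "allow"
        return "drop"


class NatGateway:
    """Port-overloading NAT: private inside, one public address.
    Inbound is accepted only if a translation entry exists, which is the
    same condition the SPI firewall applies."""

    def __init__(self, inside, public):
        self.inside = inside
        self.public = public
        self.next_port = 40000        # constructed starting mapped port
        self.out = {}                 # (in_addr, in_port, remote, rport) -> public port
        self.back = {}                # (public port, remote, rport) -> (in_addr, in_port)

    def filter(self, pkt):
        if ip_address(pkt.src) in self.inside:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key not in self.out:
                self.out[key] = self.next_port
                self.back[(self.next_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
                self.next_port += 1
            return "allow"
        # Inbound to the public address with no mapping has nowhere to go.
        if pkt.dst == self.public and (pkt.dport, pkt.src, pkt.sport) in self.back:
            return "allow"
        return "drop"


def scenario(device, inside_host, remote, reply_dst, reply_dport):
    """Run the same three events through either device: an outbound open,
    the legitimate reply to it, and an unsolicited probe to port 22."""
    events = [
        Packet(inside_host, 51000, remote, 443),       # host opens a flow
        Packet(remote, 443, reply_dst, reply_dport),   # reply to that flow
        Packet(remote, 4444, reply_dst, 22),           # unsolicited inbound probe
    ]
    return [device.filter(p) for p in events]


def spi_decisions():
    fw = SpiFirewall(ip_network("2001:db8:1::/64"))   # constructed public prefix
    return scenario(fw, "2001:db8:1::10", "2001:db8:ffff::53", "2001:db8:1::10", 51000)


def nat_decisions():
    nat = NatGateway(ip_network("10.0.0.0/24"), "203.0.113.1")
    # The reply comes back to the public address and the mapped port.
    return scenario(nat, "10.0.0.10", "198.51.100.7", "203.0.113.1", 40000)


if __name__ == "__main__":
    print("SPI firewall:", spi_decisions())
    print("NAT gateway: ", nat_decisions())
```

Both runs produce the same sequence: the outbound open and its reply are allowed, the unsolicited probe is dropped. The only difference is that the NAT also rewrites addresses, which is what breaks address-carrying application protocols; the filtering property the reply above refers to comes entirely from the state table.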