Dynamic (changing) IPv6 prefix delegation

Owen DeLong owen at delong.com
Tue Nov 22 18:43:35 UTC 2011


> 
>>> 3) If you write an application using anything other than UDP or TCP, it won't work on most networks (with some minor exceptions for PPTP and IPSEC, which work sometimes).
>> This hasn't been my experience unless you're behind some form of NAT. Yes, it is well known that NAT breaks most protocols.
> 
> Not NAT.  Default deny firewalls.  Look at the recommended firewall configs from pretty much any security consultant/vendor and see what happens when you try to turn on (say) SCTP.
> 

No, NAT. Yes, default deny firewalls can add additional breakage, but even if you add the requisite permits, in many cases NAT will still break most things for which ALGs haven't been provided in the NAT box. Default deny firewalls are a configuration problem that can be easily addressed through configuration. NAT is a fundamental damage to network services which requires modifying the actual NAT device or its firmware to work around or the elimination of NAT to resolve.

>>> 
>>> 7) Even UDP and TCP aren't going to work everywhere.  Hence why everything seems to tunnel over HTTP or HTTPS even when that's an inappropriate method (such as when reliable ordered packet delivery is a hindrance).
>> Yes, this is an increasingly common problem. Thanks, Micr0$0ft.
> 
> Not sure why you'd blame Microsoft. HTTP{,S} is increasingly looking to be the real IPng. 
> 

Perhaps because they have done more than any other vendor to enable/encourage this trend?

Owen
