Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)

• Previous message (by thread): Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
• Next message (by thread): Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2-okt-2007, at 15:05, Adrian Chadd wrote:

> Please explain how you plan on getting rid of those protocol-aware  
> plugins
> when IPv6 is widely deployed in environments with -stateful  
> firewalls-.

You just open up a hole in the firewall where appropriate.

You can have an ALG, the application or the OS do this. As you  
probably know by now, I don't favor the ALG approach.

> End-to-end-ness is and has been "busted" in the corporate world AFAICT
> for a number of years. IPv6 "people" seem to think that simply  
> providing
> globally unique addressing to all endpoints will remove NAT and all
> associated trouble. Guess what - it probably won't.

If you don't want end-to-end, be a man (or woman) and use a proxy.  
Don't tell the applications they they are connected to the rest of  
the world and then pull the rug from under them. This works in IPv4  
today but don't expect this to carry over to IPv6. At least not  
without a long, bloody fight.

• Previous message (by thread): Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
• Next message (by thread): Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]