Re:Why?
JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Mon, 14 March 2005 16:15 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA19085; Mon, 14 Mar 2005 11:15:42 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DAsHz-0000ec-1r; Mon, 14 Mar 2005 11:19:31 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DAs5b-0002Pt-E2; Mon, 14 Mar 2005 11:06:43 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DAs5X-0002Pe-Nn for ietf@megatron.ietf.org; Mon, 14 Mar 2005 11:06:41 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA17651 for <ietf@ietf.org>; Mon, 14 Mar 2005 11:06:36 -0500 (EST)
Received: from mail.consulintel.es ([213.172.48.142] helo=consulintel.es) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DAs99-0000D1-BW for ietf@ietf.org; Mon, 14 Mar 2005 11:10:24 -0500
Received: from [10.10.10.100] ([217.126.187.160]) by consulintel.es (consulintel.es [127.0.0.1]) (MDaemon.PRO.v7.2.3.R) with ESMTP id md50000848653.msg for <ietf@ietf.org>; Mon, 14 Mar 2005 17:08:38 +0100
User-Agent: Microsoft-Entourage/11.1.0.040913
Date: Mon, 14 Mar 2005 17:06:03 +0100
From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
To: "ietf@ietf.org" <ietf@ietf.org>
Message-ID: <BE5B74FB.EA9F5%jordi.palet@consulintel.es>
In-Reply-To: <4235AF1B.1080702@cisco.com>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-MDRemoteIP: 217.126.187.160
X-Return-Path: jordi.palet@consulintel.es
X-MDaemon-Deliver-To: ietf@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: cf3becbbd6d1a45acbe2ffd4ab88bdc2
Content-Transfer-Encoding: 7bit
Subject: Re:Why?
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: jordi.palet@consulintel.es
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: a8a20a483a84f747e56475e290ee868e
Content-Transfer-Encoding: 7bit
Regarding the firewalls and IPv6, I agree with your comment, but also there are some other reasons why that's bad, see: draft-vives-v6ops-ipv6-security-ps-03.txt and draft-palet-v6ops-ipv6security-02.txt Regards, Jordi > De: Jonathan Rosenberg <jdrosen@cisco.com> > Responder a: <ietf-bounces@ietf.org> > Fecha: Mon, 14 Mar 2005 10:34:51 -0500 > Para: Tony Hain <alh-ietf@tndh.net> > CC: "ietf@ietf.org" <ietf@ietf.org> > Asunto: Re: FW: Why? > > inline. > > Tony Hain wrote: > >> Joel M. Halpern wrote: >> >>> This discussion seems to take as a premise the view that if we define >>> applications only on IPv6, even though they could be defined on IPv4, that >>> this will give people a reason to use IPv6. >>> It also seems to take as a premise that if we don't define ways to work >>> around NATs, people won't use the applications with NATs. >> >> >> I suffer from no such disillusions as those are not the premise for the >> initial note, though without having the background in the original note it >> is easy to see why someone might come to that conclusion. >> >> My assumption is that the market will not ignore the opportunity to develop >> NAT traversal technologies. That does not equate to a need for the IETF to >> waste valuable resources standardizing hacks that attempt to mask previous >> hacks. In particular the IAB needs to be looking forward and helping the >> application community understand that there are approaches today that allow >> them to ignore the nonsense that has grown in the network by using IPv6 >> tunneling as a NAT traversal tool. This approach completely avoids the need >> for complex and error prone ALGs. > > I agree that ALGs are not the answer, and I believe the reasons for that > are treated in: > > http://www.ietf.org/internet-drafts/draft-iab-nat-traversal-considerations-00. > txt > > As I mentioned during the plenary, the document above makes a case that > the right answer in many situations are vpn-ish technologies that > include v6 tunnels. However, different applications have different > needs, and there are real differences between the various vpn-ish > solutions (TURN, STUN, teredo, etc.) that are driving their development > and adoption. For VoIP, where the nat traversal issue has been > especially painful, the increase in voice latency, packet loss, and > substantial cost increase of relaying traffic through the tunnel > servers, has driven people to solutions like STUN. Thus, I cannot agree > that there only needs to be a single solution here. > > That said, I agree that the IAB nat traversal consideration document > lacks adequate consideration of how evolution plays into this, and I'll > endeavor to improve the document on that front. > > Another concern I have is that, in an IPv6-only world, even if you > eliminate NAT, there will still be firewalls, and those firewalls will > frequently have the property that they block traffic coming from the > outside to a particular IP/port on the inside unless an outbound packet > has been generated from the inside from that IP/port. This means that IP > addresses are not globally reachable. You'd still need most of the same > solutions we have on the table today to deal with this problem. Indeed, > in the VoIP space, I believe you'd need pretty much everything, > excepting you'd be able to remove a single attribute from a few of the > protocols (STUN and TURN in particular), which tell the endpoint its > address on the other side of the NAT. The endpoint knows its address, > but all of the protocol machinery is still needed to rendezvous with the > other participant in the call. > > > -Jonathan R. > -- > Jonathan D. Rosenberg, Ph.D. 600 Lanidex Plaza > Director, Service Provider VoIP Architecture Parsippany, NJ 07054-2711 > Cisco Systems > jdrosen@cisco.com FAX: (973) 952-5050 > http://www.jdrosen.net PHONE: (973) 952-5000 > http://www.cisco.com > > _______________________________________________ > Ietf mailing list > Ietf@ietf.org > https://www1.ietf.org/mailman/listinfo/ietf _______________________________________________ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
- Re: FW: Why? JFC (Jefsey) Morfin
- FW: Why? Tony Hain
- Re: FW: Why? Erik Nordmark
- Re: FW: Why? shogunx
- Re: FW: Why? Joel M. Halpern
- Re:Why? JORDI PALET MARTINEZ
- Re: FW: Why? Noel Chiappa
- Re:Why? Edward Lewis
- Re: FW: Why? JFC (Jefsey) Morfin
- Re:Why? JORDI PALET MARTINEZ
- Re:Why? JORDI PALET MARTINEZ
- Re: FW: Why? Tim Chown
- RE: FW: Why? Michel Py
- RE: FW: Why? Ralph Droms
- Re: FW: Why? Tim Chown
- Re: FW: Why? shogunx
- RE: FW: Why? Michel Py
- Re: FW: Why? Steven M. Bellovin
- Re: FW: Why? Kevin Loch
- Metcalfe's Law challenged Steve Crocker
- Re: FW: Why? JFC (Jefsey) Morfin
- RE: FW: Why? Tony Hain
- Re: Why? Keith Moore
- Re: Why? Keith Moore
- Re: Why? Noel Chiappa
- Re: Why? Keith Moore
- RE: Why? Michel Py
- Re: Why? Kevin Loch
- Re: Why? Bill Manning
- Re: Why? Noel Chiappa
- Re: Why? shogunx
- RE: Why? Noel Chiappa
- RE: Why? Michel Py
- Re: Why? Keith Moore
- RE: Why? Michel Py
- Re: Why? Keith Moore
- Re: Why? shogunx
- Re: Why? Bill Manning
- RE: Why? Michel Py
- Re: Why? Noel Chiappa
- Re: Why? JFC (Jefsey) Morfin
- Re: Why? Keith Moore
- Re: Why? Keith Moore
- Re: Why? Terry Gray
- RE: Why? Michel Py
- Re: Why? Brian E Carpenter
- Re: FW: Why? Tom Petch
- Re:Why? JORDI PALET MARTINEZ
- Re: FW: Why? Jonathan Rosenberg
- Re:Why? JORDI PALET MARTINEZ
- Re: Why? Noel Chiappa
- RE: FW: Why? Tony Hain
- RE: FW: Why? Pyda Srisuresh
- RE: Why? Michel Py
- RE: FW: Why? Tony Hain
- Re: FW: Why? Juergen Schoenwaelder
- Re: Why? Keith Moore
- Re: Why? David R Oran
- Re: Why? Theodore Ts'o
- Re: Why? Keith Moore
- Re: FW: Why? Brian E Carpenter
- Re: Why? Keith Moore
- Re:Why? JORDI PALET MARTINEZ
- Re: FW: Why? Melinda Shore
- Re: Why? Noel Chiappa
- RE: FW: Why? Noel Chiappa
- Re: Why? Keith Moore
- Re: Why? Brian E Carpenter
- Re: Why? Melinda Shore
- Re: Why? Keith Moore
- Re: FW: Why? Joe Touch
- Re: FW: Why? Joe Touch