Re: stable addressing

[Brian E Carpenter <brc@zurich.ibm.com>]

Tim,

If it really is only 500 or 1000 enterprises world-wide, they will in the
end get PI space and it will be routed in the DFZ, by simple economics.

The challenge is not so much there. It's

a) to solve the problem for the few million companies that aren't as big
as Boeing but are too big to be connected in a simple way to a single ISP.
That's why multi6 is here.

b) to produce a suite of techniques that are *better* than NAT-based
security-by-obscurity for the companies that have fallen into the
"NAT = Security" trap.

Only point a) is the problem of this WG.

   Brian

Tim Chown wrote:
> 
> On Tue, Apr 20, 2004 at 09:48:45AM -0700, Fleischman, Eric wrote:
> >
> > Pekka,
> >
> > Thank you for your helpful posting. The use of proxy servers is a good suggestion, since they can also be part of a larger authenticated firewall solution. However, due to the sheer number of the internal devices that need to be exposed in a highly controlled manner (e.g., hundreds if not low-thousands of devices), proxy servers aren't likely to be able to scale to handle the job -- hence the use of authenticated NATs that are associated with the firewall.
> 
> If an organisation wishes to continue with NAT, it might as well stick with
> IPv4 though?   What's the gain then from having IPv6?
> 
> Would be nice to have a "Fortune 1000" scenario documented, as it's an
> interesting subcase of the v6ops enterprise scenario.
> 
> Why not just allocate Fortune 1000 companies a /32 each anyway? ;)
> 
> Tim

-- 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Brian E Carpenter 
Distinguished Engineer, Internet Standards & Technology, IBM