Re: stable addressing

[Tim Chown <tjc@ecs.soton.ac.uk>]

I agree, I'm just saying don't get hung up on the Fortune 1000's, for the
reason you state.

Tim

On Wed, Apr 21, 2004 at 08:21:11AM +0200, Brian E Carpenter wrote:
> Tim,
> 
> If it really is only 500 or 1000 enterprises world-wide, they will in the
> end get PI space and it will be routed in the DFZ, by simple economics.
> 
> The challenge is not so much there. It's
> 
> a) to solve the problem for the few million companies that aren't as big
> as Boeing but are too big to be connected in a simple way to a single ISP.
> That's why multi6 is here.
> 
> b) to produce a suite of techniques that are *better* than NAT-based
> security-by-obscurity for the companies that have fallen into the
> "NAT = Security" trap.
> 
> Only point a) is the problem of this WG.
> 
>    Brian
> 
> Tim Chown wrote:
> > 
> > On Tue, Apr 20, 2004 at 09:48:45AM -0700, Fleischman, Eric wrote:
> > >
> > > Pekka,
> > >
> > > Thank you for your helpful posting. The use of proxy servers is a good suggestion, since they can also be part of a larger authenticated firewall solution. However, due to the sheer number of the internal devices that need to be exposed in a highly controlled manner (e.g., hundreds if not low-thousands of devices), proxy servers aren't likely to be able to scale to handle the job -- hence the use of authenticated NATs that are associated with the firewall.
> > 
> > If an organisation wishes to continue with NAT, it might as well stick with
> > IPv4 though?   What's the gain then from having IPv6?
> > 
> > Would be nice to have a "Fortune 1000" scenario documented, as it's an
> > interesting subcase of the v6ops enterprise scenario.
> > 
> > Why not just allocate Fortune 1000 companies a /32 each anyway? ;)
> > 
> > Tim
> 
> -- 
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Brian E Carpenter 
> Distinguished Engineer, Internet Standards & Technology, IBM