
RE: comments on draft-itojun-v6ops-v4mapped-harmful-00.txt



I really like Keith's bullets.
/jim

> -----Original Message-----
> From: Keith Moore [mailto:moore@cs.utk.edu]
> Sent: Tuesday, September 17, 2002 10:39 AM
> To: Erik Nordmark
> Cc: Jun-ichiro itojun Hagino; Alain Durand; v6ops@ops.ietf.org
> Subject: Re: comments on draft-itojun-v6ops-v4mapped-harmful-00.txt 
> 
> 
> > I suspect the root of this argument is whether NAT as we know it
> > in IPv4 (with DNS-ALG, FTP-ALG, etc) is "good enough".
> > If so NAT-PT is what we need.
> 
> that begs the question "good enough for what?"
> 
> > Or do we want to improve on that?
> > For instance, do we want improvements that allow one to take advantage
> > of DNSSEC through the NAT?
> 
> 
> I propose three guidelines:
> 
> 1. communication between v6-capable nodes MUST NOT use NAT, so 
>    applications that do not tolerate NAT can use v6.
> 
> 2. views of DNS MUST be kept consistent between v4 and v6, except 
>    possibly for limited portions of the net for which some DNS ALG 
>    is necessary, and even then we need to discourage it.
> 
>    in other words, don't use NAT as an excuse to pollute DNS.
> 
> 3. if it is necessary/desirable to extend the flexibility of
>    communication between v4 and v6 hosts (v4-v6 NAT) this should
>    be patterned after mechanisms developed for v4-v4 NAT.  this will
>    minimize impact on software written to take advantage of
>    v4-v4 NAT workarounds.  
> 
>    in other words, NAT is a disaster, and attempts to solve the 
>    problem (DNSALG, RSIP, MIDCOM) should be sufficient evidence
>    that there are no good solutions.   let's keep v6ops out of the 
>    business of generating more bad solutions.
> 
>