RE: comments on draft-itojun-v6ops-v4mapped-harmful-00.txt
I really like Keith's bullets.
/jim
> -----Original Message-----
> From: Keith Moore [mailto:moore@cs.utk.edu]
> Sent: Tuesday, September 17, 2002 10:39 AM
> To: Erik Nordmark
> Cc: Jun-ichiro itojun Hagino; Alain Durand; v6ops@ops.ietf.org
> Subject: Re: comments on draft-itojun-v6ops-v4mapped-harmful-00.txt
>
>
> > I suspect the root of this argument is whether NAT as we know it
> > in IPv4 (with DNS-ALG, FTP-ALG, etc) is "good enough".
> > If so NAT-PT is what we need.
>
> that begs the question "good enough for what?"
>
> > Or do we want to improve on that?
> > For instance, do we want improvements that allow one to take
> > advantage of DNSSEC through the NAT?
>
>
> I propose three guidelines:
>
> 1. communication between v6-capable nodes MUST NOT use NAT, so
> applications that do not tolerate NAT can use v6.
>
> 2. views of DNS MUST be kept consistent between v4 and v6, except
> possibly for limited portions of the net for which some DNS ALG
> is necessary, and even then we need to discourage it.
>
> in other words, don't use NAT as an excuse to pollute DNS.
>
> 3. if it is necessary/desirable to extend the flexibility of
> communication between v4 and v6 hosts (v4-v6 NAT) this should
> be patterned after mechanisms developed for v4-v4 NAT. this will
> minimize impact on software written to take advantage of
> v4-v4 NAT workarounds.
>
> in other words, NAT is a disaster, and attempts to solve the
> problem (DNSALG, RSIP, MIDCOM) should be sufficient evidence
> that there are no good solutions. let's keep v6ops out of the
> business of generating more bad solutions.
>
>