On Tue, 12 Oct 2004, Pyda Srisuresh wrote:
> > If that's not the case, it's certainly not
> > correct -- you can deploy IPv6 as dual-stack without any need for
> > NAT-PT. And dual-stack is definitely the simplest way to deploy IPv6.
>
> [suresh] You might refer comments from Steve Klynsma & Jim Bound - about
> difficulties the defence dept faces to transition to dual stacks. It
just goes
> to show that the IETF can only offer transition mechanims, but not
mandate one.
> When the choices are comprehensive, the customers will pick the one
that best
> suits their environment.
Such networks are likely to require something like tunneling or
translation, yes. But the real problem with NAT-PT is that all the
people who don't need it, and shouldn't need it were they to deploy
IPv6 as dual-stack, want to try to fit it in their deployment plans
because, "well, it exists.. so there must be some use for it for us
here".
> > I have the feeling that most typical applications applications already
> > support proxies or have inherent support for middleboxes (e.g., http,
> > smtp, dns, ftp).
>
> [suresh] Disagree with your comment about proxies. What did you mean by
> "inherent support for middleboxes"? Middleboxes refer to many things
including
> proxies, NATs and NAT-PTs.
Web proxies are common. FTP proxies are common. Mail submission (a
function of SMTP) is submitted to a 'proxy'. DNS lookups are usually
done from a recursive name server.
Lots of protocols are already using explicit middleboxes such as
recursive DNS servers, web proxies, etc. -- that's a good thing.
Leveraging these for transition makes great deal of sense.
NAT-PT (and NAT) try to act as a middlebox transparently, without the
consent of the host or the application. This causes a lot of
problems. Explicit middleboxes, above, do not have this problem.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings