Re: draft-ietf-v6ops-nap-00.txt <PROXIES>

[Pekka Savola <pekkas@netcore.fi>]

On Mon, 4 Apr 2005, Baker Fred wrote:
> On Apr 4, 2005, at 4:01 AM, John Spence, CCSI, CCNA, CISSP wrote:
> > I do believe the most compelling arguments supporting the elimination of 
> > NAT
> > in the IPv6 architecture need a discussion of what you can achieve - and
> > what you give up - if you deploy proxies.
>
> Speaking for myself, I very much agree. The big marketing thing for IPv6 is 
> the end to end architecture. What ULAs do is summarily discard that, and what 
> proxies do when so configured is what NATs do automatically.

Sure, but the main difference from the IPv6 and end-to-end perspective 
is that proxies are explicitly configured.  They aren't "automatic"; 
they don't apply to all the traffic trying to outsmart it, or just 
hope it doesn't break any protocol in the process due to translation.

I would hope that when the admin sets up a proxy, the proxy will be 
able to interpret that particular protocol because, hey... the proxies 
are typically protocol-specific.  Or, if it isn't, I would hope that 
the admin has made a knowing & conscious decision that the protocol is 
so simple, proxying "just works".

Using NATs, implicit or automatic proxies, etc. rips all of that away. 
Because of this, explicit proxies are the next best thing (ro the 
end-to-end communication) from the end-to-end perspective.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings