
Re: The argument for writing a general purpose NAT for IPv6



On Apr 18, 2007, at 12:05, Rémi Denis-Courmont wrote:
> On Wednesday 18 April 2007 21:25, james woodyatt wrote:
>> The transport proxies don't exist just because the IPv4 box is a
>> NAT.  They would need to be there even if the box implemented IPv4
>> stateful packet inspection/filtering without NAT.  Let me outline the
>> logical flow:
>>
>>    1) SPI -> ALG
>
> You can do connection tracking with SPI, without ALG. You only need an
> ALG *if/because* you have a NAT because the SDP content will then be
> broken, not the other way around.

I'm not limiting my discussion to just SIP.  I'm speaking of ALG's in
the abstract sense.  If you have SPI, then you will need ALG's for
some subset of all possible applications.  If you have ALG's then
some subset of them will only be feasible with transport-layer
proxies.  If you have transport layer proxies then you will need IPv6
NAT to redirect flows into them.

However, I suppose I should admit that the unified IPv6 global
addressing scope means that many (if not all) ALG's will be
unnecessary once applications are all upgraded to traverse stateful
packet filters using STUN/ICE-like mechanisms.  In the BEHAVE group,
the evolving discussion is convincing me that IETF expects future
IPv6 applications to depend on the deployment of a global rendezvous
infrastructure of some yet-to-be-specified design.

The fact that this global rendezvous infrastructure is vapor seems
not to faze anyone?

--
j h woodyatt <jhw@apple.com>