Re: The argument for writing a general purpose NAT for IPv6

[Brian E Carpenter <brc@zurich.ibm.com>]

On 2007-04-19 22:34, james woodyatt wrote:
...
> > > I'd like to direct members of the group interested in continuing this 
> > > discussion about IPv6 filtering behaviors to the ongoing discussion 
> > > in the BEHAVE working group.
> >
> > In my experience, mailing list hopping halfway through a discussion 
> > doesn't work too well. It would be good if the v6ops people could 
> > reach some conclusion (and hopefully, consensus) on these issues.
>
> I'm happy to continue the discussion separately or cross-posted to both 
> working groups, as necessary.
>
> If BEHAVE and V6OPS think relaxing the constraints on what inbound 
> packets should be rejected by stateful packet filters in residential 
> IPv6 gateway devices, 

I've re-read the BEHAVE WG charter carefully, and I do not see
how it can be interpreted to make this discussion in-scope. Their
job is concerned with IPv4 NATs "with the goal of encouraging
eventual migration to IPv6". That doesn't mean they should be
recommending IPv6 CPE behaviour. Certainly, learnings from BEHAVE
can be useful to V6OPS. We're chartered to:

"Publish Informational or BCP RFCs that identify potential security
risks in the operation of shared IPv4/IPv6 networks, and document
operational practices to eliminate or mitigate those risks" and
"Publish Informational or BCP RFCs that identify and analyze
solutions for deploying IPv6 within common network environments..."

A document on CPE behaviour seems well in scope to me.

    Brian