[140775] in North American Network Operators' Group
Re: Yahoo and IPv6
daemon@ATHENA.MIT.EDU (Owen DeLong)
Wed May 18 20:22:07 2011
From: Owen DeLong <owen@delong.com>
In-Reply-To: <4DD29A66.5050106@matthew.at>
Date: Wed, 18 May 2011 17:18:57 -0700
To: matthew@matthew.at
Cc: Paul Vixie <vixie@isc.org>, nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On May 17, 2011, at 8:55 AM, Matthew Kaufman wrote:
> On 5/17/2011 5:25 AM, Owen DeLong wrote:
>>
>> My point was that at least in IPv6, you can reach your boxes whereas with
>> IPv4, you couldn't reach them at all (unless you used a rendezvous service
>> and preconfigured stuff).
>
> Actually almost everyone will *still* need a rendezvous service as even
> if there isn't NAT66 (which I strongly suspect there will be, as nobody
> has magically solved the rest of the renumbering problems) there will
> still be default firewall filters that the average end-user won't know
> how or why to change (and in some cases won't even have access to the
> CPE).
PI solves the majority of the renumbering problems quite nicely and is
readily available for most orgs. now.
Beyond that, I think you will see firewalls become much easier for the
average person to manage and it will become a simple matter of making an
http (hopefully https) connection to the home gateway and telling it which
service (by name, such as VNC, HTTP, HTTPS, etc. from a pull-down) and
which host (ideally by name, but, may have other requirements here) to
permit.
Some firewalls already come pretty close to that.
There is also talk (for better or worse) of having something like UPnP,
but, without the NAT for enabling such services.
No rendezvous server required.
>
> For the former we can only hope that NAT66 box builders can get guidance
> from IETF rather than having IETF stick its collective head in the
> sand... for the latter the firewall traversal has a chance of being more
> reliable than having to traverse both filtering and address translation.
>
I'm still hoping that we just don't have NAT66 box builders. So far, it's
working out that way.
Owen