[146803] in North American Network Operators' Group


Re: Dynamic (changing) IPv6 prefix delegation

daemon@ATHENA.MIT.EDU (Owen DeLong)
Tue Nov 22 13:45:35 2011

From: Owen DeLong <owen@delong.com>
In-Reply-To: <F13D5E10-E027-4A1D-963E-5A1F4758F8F3@virtualized.org>
Date: Tue, 22 Nov 2011 10:43:35 -0800
To: David Conrad <drc@virtualized.org>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

>
>>> 3) If you write an application using anything other than UDP or TCP, it won't work on most networks (with some minor exceptions for PPTP and IPSEC, which work sometimes).
>> This hasn't been my experience unless you're behind some form of NAT. Yes, it is well known that NAT breaks most protocols.
>
> Not NAT.  Default deny firewalls.  Look at the recommended firewall configs from pretty much any security consultant/vendor and see what happens when you try to turn on (say) SCTP.
>

No, NAT. Yes, default deny firewalls can add additional breakage, but,
even if you add the requisite permits in many cases NAT will still break
most things for which ALGs haven't been provided in the NAT box. Default
deny firewalls are a configuration problem that can be easily addressed
through configuration. NAT is a fundamental damage to network services
which requires modifying the actual NAT device or its firmware to work
around or the elimination of NAT to resolve.

>>>
>>> 7) Even UDP and TCP aren't going to work everywhere.  Hence why everything seems to tunnel over HTTP or HTTPS even when that's an inappropriate method (such as when reliable ordered packet delivery is a hindrance).
>> Yes, this is an increasingly common problem. Thanks, Micr0$0ft.
>
> Not sure why you'd blame Microsoft. HTTP{,S} is increasingly looking to be the real IPng.
>

Perhaps because they have done more than any other vendor to
enable/encourage this trend?

Owen


