[99721] in North American Network Operators' Group


Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)

daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Wed Oct 3 03:55:44 2007

In-Reply-To: <200710021542.l92Fg7Of013992@parsley.amaranth.net>
Cc: nanog@nanog.org
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Wed, 3 Oct 2007 09:24:37 +0200
To: Daniel Senie <dts@senie.com>
Errors-To: owner-nanog@merit.edu


On 2-Oct-2007, at 17:35, Daniel Senie wrote:

> So I'm sure you've explained to the firewall vendors they should be  
> selling proxy boxes instead, and they've listened to you. Sorry the  
> market has dictated solutions you don't like. Time to move on, and  
> stop fighting a battle that's been lost.

The type of firewalling you talk about only happens in less than 1%  
of the sites connected to the internet. As a rule, these firewalls  
break lots of legitimate stuff such as ECN, the window scale option,  
path MTU discovery, etc, etc. The people who use them are welcome to  
these problems; it would be ridiculous for the IETF to work around  
this intentional breakage.

As I said before, if you want to meddle in the middle, do it right  
and say you don't support this stuff rather than play coy during the  
setup phase and break sessions once they're established and start  
using the newer features. (Although I wouldn't exactly call RFCs 1191  
(1990) or 1323 (1992) "new".)
