[arin-discuss] Trying to Understand IPV6
Robert E. Seastrom
rs at seastrom.com
Mon Sep 13 20:48:59 EDT 2010
"Mike Lieberman" <mike at netwright.net> writes:
> We run VoIP over NAT today and while there is a learning curve it is
> manageable.
When you run VoIP over public addresses, the learning curve for
NAT-related issues is gone. Sure, you still need to open up the
proper ports in the firewall. Funny how easy that gets when there is
no STUN or UPnP in the fray. Might even be something that you click
on, as a common configuration option - the following addresses... oh
wait, the following SUBNET (you got 64k of them) is VoIP phones, open
the normal ports for them. Almost no configuration necessary.
> Make a mistake in NAT'ed network and NAT will save you in spite of yourself.
> Make a mistake in Public IP and you are potentially sunk.
See below.
> As an advocate for the end user - even when it makes my job
> harder.... NAT isn't evil. Network Engineers who expect all
> consumers to be knowledgeable are evil. We need to employ
> technologies that are safe even when used badly. Public addresses
> on residences fails the test.
It's funny to see juxtaposition of "VoIP learning curves", "firewall
configuration mistakes", and then a justification for NAT to save
unsophisticated folks (the unsophisticated folks who are hacking their
router to support VoIP and forget "deny ipv6 any any", no doubt).
Quite the mental gymnastic there.
My mom is gonna click on the "I just installed a Vonage VoIP phone and
a Kelvinator SodaProbe V6" buttons, not edit rulesets.
And the firewall will default to "no inbound traffic". Just like your
NAT router.
We agree that the default configurations and likely failure modes for
network hardware ought to be maximally safe. NAT creates a nice
illusion of improved safety. Doesn't help much against dirty web
sites, email, and PDFs... in short, 99% of the issues out there
today, but hey, it *looks* safer right?
> It's nice that some of you trust public institutions to always behave and do
> right. Do I offend you that you are in the aggregate in the extreme minority?
Huh? Non sequitur there.
-r