[ppml] [address-policy-wg] Re: article about IPv6 vs firewalls vs NAT in arstechnica (seen on slashdot)
Iljitsch van Beijnum
iljitsch at muada.com
Tue May 22 14:51:39 EDT 2007
On 22-mei-2007, at 17:41, Randy Bush wrote:
>> 4 years from now, there will be an active IPv4 address space market,
>> whatever about ipv6.
> bingo!
...and that will be the fastest way to kill the remaining v4 space.
Triple word value!
> what amazes me is the lack of real work on the problem that a jillion
> v6-only sites can not connect to the internet in a useful scalable way.
Interconnection between IPv6 clients and IPv4 servers can work very
well and it can be done at three layers:
- application
- transport
- network
At the application layer we have proxies. The problem is that
applications need to be aware of them and you need different proxies
for different applications. However, pretty much any client-to-server
TCP application can make use of the CONNECT method created for HTTPS
proxying without the proxy having to be aware of the application
protocol.
At the transport layer you can have a TCP relay with a DNS ALG, which
serves the same function as a CONNECT proxy but without the app
having to know about it. Not widely implemented, though.
And for the network layer the IETF defined NAT-PT (network address
translation - protocol translation) which translates between IPv6 and
IPv4 and performs IPv4 NAT. Haven't tested this myself due to lack of
implementations I could get my hands on and then the IETF decided
this wasn't a good idea after all so NAT-PT is either already gone or
on the way out.
So the good news is that it's fairly trivial to support IPv6-only
clients if you have a dual stack proxy and mail server. This takes
care of HTTP (90% of all apps right there), HTTPS, mail and basic IM
functionality.
There are two flavors of peer-to-peer. The first one is towards
specific peers, such as with VoIP, so you either need to wait for
everyone to have IPv6 or have application-specific proxies. The
second type is towards any reasonable subset of a lot of peers, such
as BitTorrent. You don't care which peers you talk to, as long as
it's enough to get the file. So what you need here is a reasonable
subset of peers that are dual stack to facilitate the movement of
bits between IPv6-only and IPv4-only peers. There's also often a
server or tracker, which would have to be proxied or dual stack.
There you have it. You can actually run IPv6-only and get work done,
even with the current state of affairs.
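
The CONNECT approach described in the message above, as an added example that is not part of the original post: a dual-stack proxy in Python that accepts clients over IPv6, opens the outbound leg over IPv4, and relays bytes without looking at the application protocol. The listen address `::1`, port 3128 and the destination-port allowlist are assumptions made for illustration.

```python
import asyncio
import socket

ALLOWED_PORTS = {443, 993, 5222}  # assumption: HTTPS, IMAPS, XMPP; anything else is refused

def parse_connect(request_line):
    """Return (host, port) for a permitted CONNECT request line, else None."""
    parts = request_line.split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/1."):
        return None
    host, sep, port = parts[1].rpartition(":")
    ok = sep and host and port.isascii() and port.isdigit() and int(port) in ALLOWED_PORTS
    return (host.strip("[]"), int(port)) if ok else None

async def pipe(reader, writer):  # copy bytes one way; contents are never inspected
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    except OSError:
        pass
    finally:
        writer.close()

async def refuse(writer, status):
    writer.write(f"HTTP/1.1 {status}\r\n\r\n".encode())
    await writer.drain()
    writer.close()

async def handle(client_r, client_w):
    line = (await client_r.readline()).decode("latin-1")
    while await client_r.readline() not in (b"\r\n", b"\n", b""):
        pass  # discard the remaining request headers
    target = parse_connect(line)
    if target is None:
        return await refuse(client_w, "403 Forbidden")
    try:  # outbound leg is forced to IPv4: only A records are resolved
        up_r, up_w = await asyncio.open_connection(*target, family=socket.AF_INET)
    except OSError:
        return await refuse(client_w, "502 Bad Gateway")
    client_w.write(b"HTTP/1.1 200 Connection established\r\n\r\n")
    await client_w.drain()
    await asyncio.gather(pipe(client_r, up_w), pipe(up_r, client_w))

async def main(host="::1", port=3128):  # inbound leg listens on IPv6 only
    server = await asyncio.start_server(handle, host, port, family=socket.AF_INET6)
    await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

Without the port allowlist a CONNECT proxy will tunnel to any TCP service it can reach, so the check in `parse_connect` is the control that keeps it from acting as an open relay.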