On 23/10/19 10:41, Carlos Morgado wrote:
On 23 Oct 2019, at 14:26, Fernando Gont <fgont@si6networks.com> wrote:
On 5/10/19 13:18, Gert Doering wrote: [....]
With the way the Internet is evolving today, IPv4+NAT might just be good enough anyway. End users want lots of TV channels, the big content networks are providing. Everything (including DNS) is done over HTTPS today, which is very NAT friendly. CGN in the eyeball ISP world can easily achieve 10:1 or 50:1 IPv4 oversubscription, and with that, we have enough IPv4 for ever...
Well, yes, end-to-end communication will be lost forever. But since the "EVERYONE MUST HAVE A FIREWALL!" crowd broke that for the normal household anyway, it's lost anyway.
It's worse than that: Most IPv4 CPE devices have UPnP support, but IPv6 ones often lack the hooks to punch holes into the fw. So at the end of the day you get better end-to-end connectivity with IPv4 than with IPv6.
e.g., see: https://searchnetworking.techtarget.com/tip/Ensuring-P2P-apps-dont-cause-net...
Isn’t this a "we broke the network so we must further break the network" scenario?
?
If you remove PAT a lot of the UPnP needs go away and can be replaced by a mix of straightforward fw rules and stateful peeking like PAT residential CPEs do already.
At the end of the day, there's not much of a difference. In the IPv4 world you map external ports to internal ports. And in the IPv6 world you need to punch holes into the firewall, even when the port is not translated.
Going forward there’s nothing really stopping UPnP being implemented over IPv6 anyway, is there?
There isn't, indeed. But in many cases support is simply not there.

Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492