Operational challenges of no NAT
Matthew Ford
ford at isoc.org
Thu Oct 28 12:13:16 CEST 2010
On 28 Oct 2010, at 11:06, Mark Blackman wrote:
> Ben Jencks wrote:
>>
>> Wouldn't crypto, either HMAC or signatures, be a better assurance of
>> authorization? Sure, they can whitelist your /64, but that just serves
>> to keep the riff-raff out; the signature provides the actual identity
>> information.
>>
>> For callbacks, they should be done with DNS names. That way you're
>> v4/v6 agnostic at the application layer, and you can renumber your
>> callback receiver at will.
>>
>> I'm aware that in dealing with big providers they can have a pretty
>> hard-to-budge idea of how to do things. But if you're asking for the
>> "IPv6 way", I think crypto and DNS are the way to go.
>
> Is there some documented list of the usual requirements that NAT is used to satisfy and the corresponding IPv6 method to satisfy that requirement?
>
See http://tools.ietf.org/html/rfc4864
Mat
More information about the ipv6-ops
mailing list