[e2e] using p2p overlays to overcome recursive NATs/realms

Melinda Shore mshore at cisco.com
Sat Feb 9 06:37:41 PST 2002


At 09:33 PM 2/8/02 -0500, David P. Reed wrote:
>Oh, I do indeed understand.  However, I think it is pretty clear that ISPs have no interest in deploying v6.  A fair number of them would love to stay in v4 because the lack of addresses creates a steep entry barrier for competitors. 

But it's just not ISPs and it's not just competitive concerns.
One thing that's very much at issue is the ability of operators
*and* enterprises to be able to distinguish between what's theirs
and what's not theirs in order to be able to apply policy.  Right
now the tools for doing that are extremely crude, where they exist
at all.  In many cases NATs are being used to effect policy domain
separation, and unfortunately that kind of use seems to be on
the rise.  An overlay network that's insensitive to that issue isn't
going to be helpful to them, but an overlay network that is sensitive
to that issue is going to reintroduce the sorts of problems that
we're seeing now with firewalls and NATs.

I'm not at all convinced that it's fruitful to frame the question
as being how to repair the damage done by NATs, but rather whether 
or not there's an IP-appropriate way to deal with the issue of how 
to apply policy (particularly access policy) at the boundaries between 
networks.

Melinda




