[TriLUG] Adding to the list of topics: IPv6

Jon Carnes jonc at nc.rr.com
Thu Jan 22 12:07:23 EST 2004


> I understand how NAT works.  I understand its limitations.

Maybe you should give a NAT talk?  A lot of folks don't understand NAT -
even some on this list.

>  
> > Second - the timely example point
> > Lots of talk about VoIP lately - - - NAT is public enemy number one for
> > many a VoIP connection.  Better firewalls / gateways handle the needed
> > translations when NAT is in play, but cheapo consumer grade NAT boxes
> > can kill VoIP faster than a Baby Bell can think up a new fee.
> 
> I dunno, Vonage devices seem to be working just fine behind Linksys
> boxes.  And, you're pointing out a failure of crappy NAT boxes, not of
> NAT itself.  The technology is sound, the implementation is
> questionable.

Vonage does work-around this, and so does FeatureTel.  In fact, we spent
$8k to work-around this problem.  I'm certain Vonage does the same.

And because of the prevalence of NAT, folks will *always* be locked to a
vendor for VoIP (not that I mind...). Mike, if you want to bypass a
vendor and make a phone call directly to my VoIP phone from your VoIP
phone, you simply cant.  My Linksys firewall (running NAT) won't allow
it.  Of course there are work-arounds that we could make, but with IPv6
those are unnecessary.

VoIP is really emerging as a technology, and Ryan is right to point out
that NAT is the bane of its existence.  Whole new standards are
currently being developed in conjunction with NAT to try and work around
this. They'll come, but NAT is one of the biggest stumbling blocks
slowing the adoption of this new technology.

FeatureTel gets around the limitations by directly connecting to our
client and setting up a routed private network connection which
by-passes their NAT.  Other clients (behind a NAT) have to enter our
network through an expensive gateway called a Voice Proxy Firewall. 
This device acts as a reverse NAT to connect the call to our internal IP
PBX's.

>  
> 
> Understand that I have no problems with IPv6.  In and of itself, it's
> fine.  It's the migration that is the problem.  Let me repeat that.  The
> migration to IPv6 is the problem, not IPv6 itself.  This is an arduous
> task that needs a killer app to get me off my ass and do something.
> Until then, I'm going to continue to be blind to the reasons for
> migrating to IPv6.

IPv6's anti-spoofing is enough for me.  It removes anonymity from the
packets that reach you, and gives you a clear path back to any hacker or
script kiddie.  That will cut down on DOS and spam!  Especially if the
dial-up ISP's give out the same IP to a caller each time they dial into
the network!

Jon Carnes




More information about the TriLUG mailing list