On Thu, Jan 26, 2012 at 9:05 AM, Tim Chown <tjc@ecs.soton.ac.uk> wrote:
> Thanks for the comments Ray, a couple of comments in-line.
>
> On 26 Jan 2012, at 12:43, Ray Soucy wrote:
>> Local traffic shouldn't need to touch the CPE regardless of ULA or GUA. Also note that we already have the link local scope for traffic between hosts on the same link (which is all hosts in a typical home network); ULA only becomes useful if routing is involved, which is not the typical deployment for the home.
>
> The assumption in homenet is that it will become so.

Does this mean we're also looking at residential allocations larger than a /64 as the norm?

>> ULA is useful, on the other hand, if NPT is used. NPT is not NAT, and doesn't have any of the nastiness of NAT.
>
> Well, you still have address rewriting, but prefix-based.

I think that the port rewriting, and as a consequence not being able to map to specific hosts easily, was the bigger problem with NAT. As for the comments made by others regarding "helpers" for NAT, there really aren't many that are needed aside from older pre-NAT protocols like H.323, which decided it would be a good idea to use the IP in the packet payload for authentication. Thankfully, over a decade of NAT has helped end this practice.

>> I think a lot of the question has to do with what the role of CPE will be going forward. As long as we're talking dual-stack, having operational consistency between IPv4 and IPv6 makes sense. If it's an IPv6-only environment, then things become a lot more flexible (do we even need CPE to include a firewall, or do we say host-based firewalls are sufficient, for example).
>
> The initial assumption in homenet is a stateful firewall with hosts inside the homenet using PCP or something similar.
>
> Tim
So a CPE device with a stateful firewall that accepts a prefix via DHCPv6-PD and makes use of SLAAC for internal network(s) is the foundation, correct? Then use a random ULA allocation that exists to route internally (sounds a lot like a site-local scope, which I never understood the reason we abandoned). I'm just not seeing the value in adding ULA as a requirement unless bundled with NPT for a multi-homed environment, especially if a stateful firewall is already included. If anything, it might slow down adoption due to increased complexity.

--
Ray Soucy
Epic Communications Specialist
Phone: +1 (207) 561-3526
Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/
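An added example, not part of the thread above and not code from any real translator: the prefix-based rewriting Tim mentions is what NPTv6 (RFC 6296) does, and the point Ray makes about NAT's port rewriting destroying the easy 1:1 mapping to hosts is exactly what it avoids. The Python below implements the mapping as I read RFC 6296: the prefix is swapped, the interface identifier is left untouched, and the one's complement difference between the two prefixes is folded into a single 16-bit word of the address so that TCP/UDP/ICMPv6 checksums remain valid without the translator parsing transport headers or keeping per-flow state. The class and function names, the sample ULA and documentation prefixes, and the handling of the 0xFFFF corner case are my own assumptions rather than anything stated in the thread.

```python
"""Stateless, checksum-neutral IPv6 prefix translation (NPTv6 style).

Added example for the homenet thread; the algorithm follows my reading of
RFC 6296, the prefixes and names below are constructed for illustration.
"""
import ipaddress


def ones_add(a, b):
    """One's complement addition of two 16-bit words (end-around carry)."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)


def ones_sum(words):
    """One's complement sum of a sequence of 16-bit words."""
    total = 0
    for w in words:
        total = ones_add(total, w)
    return total


def ones_neg(x):
    """One's complement negation: x + ones_neg(x) is negative zero (0xFFFF)."""
    return (~x) & 0xFFFF


def to_words(addr):
    """Split an IPv6Address into its eight 16-bit words."""
    raw = addr.packed
    return [(raw[i] << 8) | raw[i + 1] for i in range(0, 16, 2)]


def from_words(words):
    return ipaddress.IPv6Address(bytes(b for w in words for b in (w >> 8, w & 0xFF)))


def checksum_neutral(addr_a, addr_b):
    """True if both addresses contribute the same value to a one's complement
    checksum (0x0000 and 0xFFFF both mean zero, hence the modulo)."""
    sa = ones_sum(to_words(ipaddress.IPv6Address(addr_a))) % 0xFFFF
    sb = ones_sum(to_words(ipaddress.IPv6Address(addr_b))) % 0xFFFF
    return sa == sb


class NPTv6:
    """1:1 mapping between an internal (e.g. ULA) prefix and an external one."""

    def __init__(self, internal, external):
        self.internal = ipaddress.IPv6Network(internal)
        self.external = ipaddress.IPv6Network(external)
        if self.internal.prefixlen != self.external.prefixlen or self.internal.prefixlen > 64:
            raise ValueError("prefixes must be the same length and no longer than /64")
        self.plen = self.internal.prefixlen
        # The adjustment is a constant of the configuration: internal prefix
        # sum minus external prefix sum over the top four words (bits 0-63).
        int_sum = ones_sum(to_words(self.internal.network_address)[:4])
        ext_sum = ones_sum(to_words(self.external.network_address)[:4])
        self.adj_out = ones_add(int_sum, ones_neg(ext_sum))  # inside -> outside
        self.adj_in = ones_neg(self.adj_out)                  # outside -> inside

    def _translate(self, addr, src_net, dst_net, adj):
        a = ipaddress.IPv6Address(addr)
        if a not in src_net:
            raise ValueError("%s is not inside %s" % (a, src_net))
        # Step 1: replace the prefix bits and keep every host bit, so the IID
        # survives and each inside host has exactly one outside address.
        host_bits = int(a) & ((1 << (128 - self.plen)) - 1)
        words = to_words(ipaddress.IPv6Address(int(dst_net.network_address) | host_bits))
        # Step 2: absorb the checksum change in one word.  RFC 6296 uses the
        # subnet word (word 3) for /48 and shorter prefixes, otherwise the first
        # IID word (4..7) that is not 0xFFFF.
        if self.plen <= 48:
            idx = 3
            if words[idx] == 0xFFFF:
                raise ValueError("subnet 0xFFFF cannot be mapped reversibly")
        else:
            free = [i for i in range(4, 8) if words[i] != 0xFFFF]
            if not free:
                raise ValueError("IID of all-0xFFFF words is not translatable")
            idx = free[0]
        words[idx] = ones_add(words[idx], adj)
        if words[idx] == 0xFFFF:  # negative zero: write 0x0000 so that a zero
            words[idx] = 0x0000   # subnet/IID word round-trips exactly
        return from_words(words)

    def outbound(self, addr):
        """Internal source address -> external address seen on the Internet."""
        return self._translate(addr, self.internal, self.external, self.adj_out)

    def inbound(self, addr):
        """External destination address -> internal address of the host."""
        return self._translate(addr, self.external, self.internal, self.adj_in)


if __name__ == "__main__":
    # Constructed sample: a ULA /48 inside, a documentation /48 outside.
    t = NPTv6("fd12:3456:789a::/48", "2001:db8:1::/48")
    inside = "fd12:3456:789a:1::5"
    outside = t.outbound(inside)
    print(inside, "->", outside, "->", t.inbound(outside))
    print("checksum neutral:", checksum_neutral(inside, str(outside)))
```

Two things worth noticing when running it: the inbound direction is a pure function of the destination address, which is what lets an operator still "map to specific hosts" without the per-flow state table that port-rewriting NAT44 needs, and checksum_neutral() returning True is why the translator never has to find, let alone rewrite, the TCP/UDP checksum inside the payload. The price is that the subnet or IID word carrying the adjustment changes, so an internal address does not appear verbatim on the outside, and that is the address rewriting Tim refers to.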