I'm not sure which world you live in, but if you're doing it based on "number of publicly available IPs behind firewalls" rather than "number of end hosts connected somehow to the internet" I think you'll find the numbers quite different. Bout the only group I can think of that could give true numbers of "connected hosts" versus "routed IPs" in this situation is google. Anyone from google able to contribute some end hosts behind NAT numbers? Finally, I find the idea of "internet engineering" as a formal process with no real inclusion of current real world deployments extraordinarily amusing, and I do hope its not the case in general. Please study why the internet grew how it did versus standards-bodies released networking and application protocols. Adrian On Wed, Oct 03, 2007, Iljitsch van Beijnum wrote:
On 2-okt-2007, at 17:35, Daniel Senie wrote:
So I'm sure you've explained to the firewall vendors they should be selling proxy boxes instead, and they've listened to you. Sorry the market has dictated solutions you don't like. Time to move on, and stop fighting a battle that's been lost.
The type of firewalling you talk about only happens in less than 1% of the sites connected to the internet. As a rule, these firewalls break lots of legitimate stuff such as ECN, the window scale option, path MTU discovery, etc, etc. The people who use them are welcome to these problems; it would be ridiculous for the IETF to work around this intentional breakage.
As I said before, if you want to meddle in the middle, do it right and say you don't support this stuff rather than play coy during the setup phase and break sessions once they're established and start using the newer features. (Although I wouldn't exactly call RFCs 1191 (1990) or 1323 (1992) "new".)