On Thu, Dec 20, 2007 at 09:20:54AM -0800, Fred Baker wrote:
> Now, do you recall Randy Bush sitting in the IESG plenary and calling out 
> passwords? Advising people to get some variation on a VPN running? For me, 
> the big issue is that I do my work within a corporate context, and 
> therefore need to access corporate accounts to do what I do. Cisco IT has a 
> plan to deploy IPv6, but has not yet done so internally for a reason that 
> will, I think, ring true for many - IPv6 doesn't solve a business problem 
> that Cisco IT has (it has plenty of addresses for the present and has few 
> if any IPv6-only business partners that would force the issue), and hence 
> it hasn't seen fit to bring up IPv6 throughout Cisco.

Agreed, getting VPN's to work is going to be non-trivial.  On the
other hand, many VPN's are designed to work even in the presence of
IPv4 NAT's, since they are so ubiquitous these days; road warriors who
are using a variety of hotel and airport network services run into
them all the time.  So the question is whether some clever engineering
might allow some or all of the VPN's to work correctly even without
any cooperation or assistance of the corporate VPN server?   

Or perhaps this might be an opportunity to encourage VPN providers to
upgrade their software to work in such an environment.

And if the first IETF meeting where we try this, there is a NAT box
which provides IPv4 services over an IPv6 encapsulation, that might
not be a bad thing.  The mere fact that the IETF meeting could be only
connected to the Internet via v6 and could get work done isn't a bad
start.  Of course, over time, the challenge to VPN makers could be
made harder by adding another NAT box at the other end of the ipv4/6
decapsulation, and in future IETF's, adding successive layers of NAT
boxes to the IPv4 connectivity path for those people who are sure
that's the long term solution to Internet Scaling.  :-)

I agree that the economic considerations make it hard for the right
thing to happen.  This is one of the classical externalities problem,
where it's hard get companies to pay attention the polar ice cap is
completely gone and all the polar bears are dead.  Obviously the IETF
can't control the global economic picture, but we can control the IETF
conference network.  And the IETF does have enough of a bully pulpit
that it might help shift the economic consequences.  (Even if it's
allowing one VPN provider to provide bragging rights that if, for
example and hypothetically, the Nortel VPN solution works while the
Cisco VPN solution doesn't.  By giving VPN providers a chance to
showcase whether their products can or can not work in an IPv6-only
client environment, we can help provide the business justification for
them to do the necessary development work.)

                                      - Ted

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Reply via email to