Jeroen Massar wrote:
If people want to use a tunnel for the purpose of a VPN, then they will,
be that IPv4 or IPv6 or both inside that tunnel.
Instead of having a custom VPN protocol one can do IPSEC properly now as
there is no NAT that one has to get around. Microsoft's Direct Access
does this btw and is an excellent example of doing it correctly.
Microsoft has had this capability since win2k. I didnt see any
enterprises use it, even those who used their globally unique and routed
ipv4 /16 internally. NAT was not why they did not use it.
They did not use it externally, they did not use it internally.
In fact, most of them were involved in projects to switch to NAT internally.
Enterprises also happen not to be thrilled with the absence of NAT in IPv6.
Dont expect huge uptake there.
No why should it? But note that "IPv6 tunnels" (not VPNs) are a
transition technique from IPv4 to IPv6 and thus should not remain around
forever, the transition will end somewhere, sometime, likely far away in
the future with the speed that IPv6 is being deployed ;)
So VPN is the _only_ acceptable use of sub 1500 encapsulation?
Today, most people cant even get IPv6 without tunnels.
In time that will change, that is simply transitional.
If turning it on with a tunnel breaks things, it wont make native
transition happen sooner.
1280 is the minimum IPv6 MTU. If people allow pMTU to work, aka accept
and process ICMPv6 Packet-Too-Big messages everything will just work.
If things break with higher mtu's then 1280 but less then 1500, there
really is no reason at all not to use 1280, the efficiency difference is
trivial. And on the IPv4 internet, we generally cannot control what most
of the rest of the people on it do. Looks like we are not going to be
doing any better on the IPv6 internet.
This whole thread is about people who cannot be bothered to know what
they are filtering and that they might just randomly block PtB as they
are doing with IPv4 today. Yes, in that case their network breaks if the
packets are suddenly larger than a link somewhere else, that is the same
as in IPv4 ;)
Greets,
Jeroen
This whole thread is all about how IPv6 has not improved any of the
issues that are well known with IPv4 and in many cases makes them worse.
This whole thread is all about showcasing how IPv6 makes them worse,
simply because it is designed with "this time they will do what we want"
mentality.
Joe