Wow, a few hours away from the internets, and this thread has run away! On 18/02/2007, at 12:43 PM, Philip D'Ath wrote:
In a pure IPv6 world where every end point is uniquely addressed we may even be able to change over to using pure transport mode IPSec, since no tunnelling would be required to make it work at all.
Correct - assuming we get to that IPv6 world. And as is evident so far (which is over 10 years), we are still searching for the correct hammer to make sure this happens. And this point can't be argued as if we did have the correct [policy, technical, economic, vista-ical] hammer we would all be sitting here using IPv6 rather than talking about it. And if we can't find the correct hammer then we better hurry and think through an alternative. A more efficient status quo _is_ a valid alternative.
Lets not waste anymore time making protocols works through NAT. Lets start making them work with IPv6.
Can't disagree with the later, but unfortunately we're going to be stuck with NAT for a while to come yet, so it's hard to ignore it. There seemed to be a loose consensus at NZNOG07 that operators would start playing with IPv6. That's a good start. Cheers, Jonny.