nanog mailing list archives

Re: Dynamic (changing) IPv6 prefix delegation


From: Owen DeLong <owen () delong com>
Date: Tue, 22 Nov 2011 10:43:35 -0800


3) If you write an application using anything other than UDP or TCP, it won't work on most networks (with some 
minor exceptions for PPTP and IPSEC, which work sometimes).
This hasn't been my experience unless you're behind some form of NAT. Yes, it is well known that NAT breaks most 
protocols.

Not NAT.  Default deny firewalls.  Look at the recommended firewall configs from pretty much any security 
consultant/vendor and see what happens when you try to turn on (say) SCTP.


No, NAT. Yes, default deny firewalls can add additional breakage, but, even if you add the requisite permits in many 
cases NAT will still break most things for which ALGs haven't been provided in the NAT box. Default deny firewalls are 
a configuration problem that can be easily addressed through configuration. NAT is a fundamental damage to network 
services which requires modifying the actual NAT device or its firmware to work around or the elimination of NAT to 
resolve.


7) Even UDP and TCP aren't going to work everywhere.  Hence why everything seems to tunnel over HTTP or HTTPS even 
when that's an inappropriate method (such as when reliable ordered packet delivery is a hindrance).
Yes, this is an increasingly common problem. Thanks, Micr0$0ft.

Not sure why you'd blame Microsoft. HTTP{,S} is increasingly looking to be the real IPng. 


Perhaps because they have done more than any other vendor to enable/encourage this trend?

Owen


