Changes between Initial Version and Version 1 of Ticket #29570, comment 14


Ignore:
Timestamp:
Mar 7, 2019, 3:18:33 PM (6 months ago)
Author:
s7r
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #29570, comment 14

    initial v1  
    11Not really. IPv4 is scarce, limited resources. NAT is a hack to get around this, and it's quite useful because THERE IS NO OTHER WAY to have multiple boxes if you have just one public IPv4, as most providers default to.
    22
    3 In IPv6 however, this is not the case. To the contrary that its not the case, it is also NOT RECOMMENDED by any RFC to do this. With what you are saying, just because you think it's ok "as long as it works and the relay is willing to do it" you contradict all the RFCs.
     3In IPv6 however, this is not the case. In addition that this is not the case, it is also NOT RECOMMENDED by any RFC to do this. With what you are saying, just because you think it's ok "as long as it works and the relay is willing to do it" you contradict all the RFCs.
    44
    5 Nobody is happy about NAT. In fact, everyone indicates to avoid it. That is why IPv6 came along. NAT is just a necessary evil, a hack that was made so things can go on. Obviously we don't have a choice in NOT supporting it. But we do have a choice for IPv6, and we should. Have you ever questioned why IPv6 does not support NAT? Not because it was hard to implement of course, but because it's evil and is best to be avoided. There's nothing that we can do f or the legacy IPv4 internet, but let's not turn IPv6 into the same.
     5Nobody is happy about NAT. In fact, everyone indicates to avoid it. That is why IPv6 came along. NAT is just a necessary evil, a hack that was made so things can go on. Obviously we don't have a choice in NOT supporting it. But we do have a choice for IPv6, and we should. Have you ever questioned why IPv6 does not support NAT? Not because it was hard to implement of course, but because it's evil and is best to be avoided. There's nothing that we can do for the legacy IPv4 internet, but let's not turn IPv6 into the same.
    66
    77Why would you want to pretend to listen on an IPv6 address if you have no open socket for it? It just doesn't make any sense. How is that better than just listening on IPv4? All this ticket recommends is, if you are willing to set an IPv6 NoListen address, also set a NoAdvertise one, if you're willing to redirect and tunnel that somehow it's still OK but at least don't advertise an address class if you have no listening socket for it. Basically follow the industry standard RFCs and recommendation + prevent users to make accidental mistakes and fill the consensus with garbage. Right now I configure an IPv6 NoListen ORPort and that gets filled in the consensus,  and I spend resources of directory authorities trying to test if it is reachable and also eat up even more space by having to be assigned with an additional UnreachableIPv6 flag. All this because something we say in the manual (mutually exclusive flags for torrc options) are not properly sanitized at start-up.