
> I imagine this black box could be a relatively inexpensive ASIC or FPGA that could be a stand-alone widget, baked into hardware network adapters, or just built into routers, middleboxes, etc.

It's not that simple:

- The box has to translate IPv6 address space into IPv4 address space, but it's too big to fit. So the box has to be some kind of stateful reverse NAT, with all the problems that that involves, and the hardware requirements go way up.

- The IPv4-only host might make all sorts of assumptions about IPv4 addresses that are no longer valid. E.g. it might cut off addresses that it detects an attack from - but now as soon as two IPv6 addresses get mapped to the same IPv4 address you're going to block a legitimate user (in fact, since changing IPv6 address is easy, you're probably going to pretty quickly block the whole internet). E.g. it might expect to use an IPv4 geoIP database. E.g. it might be speaking a protocol like FTP where it's supposed to make an outbound connection to the client, so now your middlebox has to not only keep track of TCP streams but also the details of every protocol you want to be able to support.
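
The address-sharing problem the comment describes, as an added example that is not part of the original comment: a simulated stateful translator maps IPv6 clients onto a small IPv4 pool, and an IPv4-only host that blocks by source address ends up refusing clients that did nothing wrong. The class names, the round-robin allocation and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress

class ReverseTranslator:
    """Hypothetical stateful box: maps each IPv6 client onto a small IPv4 pool."""
    def __init__(self, pool_cidr):
        self.pool = list(ipaddress.ip_network(pool_cidr).hosts())
        self.bindings = {}  # IPv6 -> IPv4; this table is the state the box must hold

    def map(self, v6):
        v6 = ipaddress.IPv6Address(v6)
        if v6 not in self.bindings:
            # More clients than pool addresses, so pool addresses get shared
            # (round-robin here; an assumption, any allocator has the same limit).
            self.bindings[v6] = self.pool[len(self.bindings) % len(self.pool)]
        return self.bindings[v6]

class LegacyV4Host:
    """IPv4-only server that blocks whatever source address it saw misbehave."""
    def __init__(self):
        self.blocked = set()

    def report_abuse(self, v4):
        self.blocked.add(v4)

    def accepts(self, v4):
        return v4 not in self.blocked

def collateral(nat, host, clients, abusive):
    """Return the well-behaved clients the host now refuses."""
    for c in clients:              # establish bindings in arrival order
        nat.map(c)
    for c in abusive:              # host only ever sees the translated address
        host.report_abuse(nat.map(c))
    return [c for c in clients
            if c not in abusive and not host.accepts(nat.map(c))]

if __name__ == "__main__":
    # Constructed sample: six IPv6 clients behind a two-address IPv4 pool.
    nat = ReverseTranslator("198.51.100.0/30")
    host = LegacyV4Host()
    clients = [f"2001:db8::{i:x}" for i in range(1, 7)]
    hit = collateral(nat, host, clients, {clients[0]})
    print("state entries held by translator:", len(nat.bindings))
    print("blocked IPv4 addresses:", sorted(map(str, host.blocked)))
    print("legitimate clients blocked:", hit)
```
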



