nanog mailing list archives
Re: shim6 @ NANOG
From: "Christopher L. Morrow" <christopher.morrow () verizonbusiness com>
Date: Sun, 05 Mar 2006 16:40:55 +0000 (GMT)
On Sun, 5 Mar 2006, Iljitsch van Beijnum wrote:
Of course having a TCP session or the like change addresses halfway through the session may throw stateful firewalls a bit.
I just love that shim6 basically == natv6... It WILL be implemented as such if available to folks in that manner. I do think there wiill be a market for a 'firewall' that is really a shim6 box that 'nat's the internal network behind a single prefix, this is going to be 'fun' (but not in the good way). Oh, not just stateful firewalls... How are you planning on dealing with LEO requests for CALEA when the addr changes mid-stream to some newly arbitrary prefix? What about log correlation on web/content servers? what about loadbalancers that balance on 'flows' ? this is quite the rabbit-hole dorothy jumped down :(
Current thread:
- Re: shim6 @ NANOG, (continued)
- Re: shim6 @ NANOG Matthew Petach (Mar 04)
- Re: shim6 @ NANOG Marshall Eubanks (Mar 04)
- Re: shim6 @ NANOG Edward B. DREGER (Mar 05)
- Re: shim6 @ NANOG Joe Abley (Mar 04)
- Re: shim6 @ NANOG Roland Dobbins (Mar 04)
- Re: shim6 @ NANOG Joe Abley (Mar 05)
- Re: shim6 @ NANOG Iljitsch van Beijnum (Mar 05)
- Re: shim6 @ NANOG Christopher L. Morrow (Mar 05)
- Re: shim6 @ NANOG Iljitsch van Beijnum (Mar 05)
- Message not available
- Re: shim6 @ NANOG Iljitsch van Beijnum (Mar 05)
- Re: shim6 @ NANOG Christopher L. Morrow (Mar 05)
- Re: shim6 @ NANOG Iljitsch van Beijnum (Mar 05)
- Message not available
- Re: shim6 @ NANOG Iljitsch van Beijnum (Mar 06)
- Re: shim6 @ NANOG Owen DeLong (Mar 05)
- Re: shim6 @ NANOG Joe Abley (Mar 05)
- Re: shim6 @ NANOG Stephen Sprunk (Mar 05)
- Re: shim6 @ NANOG Joe Abley (Mar 05)
- Re: shim6 @ NANOG Roland Dobbins (Mar 05)
- Re: shim6 @ NANOG Iljitsch van Beijnum (Mar 06)
- Re: shim6 @ NANOG Owen DeLong (Mar 06)
- Re: shim6 @ NANOG Iljitsch van Beijnum (Mar 07)