nanog mailing list archives

Re: Consumer Grade - IPV6 Enabled Router Firewalls.


From: Mark Newton <newton () internode com au>
Date: Sat, 12 Dec 2009 17:43:24 +1030


On 12/12/2009, at 4:15 PM, Roger Marquis wrote:

> Is there a natophobe in the house who thinks there shouldn't be stateful
> inspection in IPv6?  If not then could you explain what overhead NAT
> requires that stateful inspection hasn't already taken care of?

I handwave past all that by pointing out (as you have) that 
stateful inspection is just a subset of NAT, where the inside
address and the outside address happen to be the same.

(in the same way that the SHIM6 middleware boxes which were 
proposed but never built were /also/ just subsets of NAT, with
the translation rules controlled by the SHIM6 protocol layers 
on the hosts... but we weren't allowed to call them NAT gateways,
because IPv6 isn't supposed to have any NAT in it :)

   - mark

--
Mark Newton                               Email:  newton () internode com au (W)
Network Engineer                          Email:  newton () atdot dotat org  (H)
Internode Pty Ltd                         Desk:   +61-8-82282999
"Network Man" - Anagram of "Mark Newton"  Mobile: +61-416-202-223






