nanog mailing list archives
Re: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space
From: Mark Newton <newton () internode com au>
Date: Tue, 10 Feb 2009 10:03:41 +1030
On 10/02/2009, at 9:54 AM, Stephen Sprunk wrote:

Yes, an ALG needs to understand the packet format to open pinholes -- but with NAT, it also needs to mangle the packets. A non-NAT firewall just examines the packets and then passes them on unmangled.

Sure, but at the end of the day a non-NAT firewall is just a special case
of NAT firewall where the "inside" and "outside" addresses happen to be the same.

If I was a commodity consumer hardware manufacturer, that's how I'd handle
the IPv6 firewalling problem, because that'd let me pass non-NAT'ed v6 packets and NAT'ed v4 packets through the same code paths, thereby enabling
me to avoid reinventing the entire wheel (and an entire new set of bugs) to do v6 firewalling.

DSL/Cable CPE is already full of v4 ALGs, and it's reasonable to expect that
the only difference between those and the equivalent v6 ALGs will be the lack of v6 NAT.

  - mark

--
Mark Newton                               Email: newton () internode com au (W)
Network Engineer                          Email: newton () atdot dotat org (H)
Internode Pty Ltd                         Desk: +61-8-82282999
"Network Man" - Anagram of "Mark Newton"  Mobile: +61-416-202-223
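
The point made in the reply above, that a non-NAT firewall is a NAT firewall whose inside and outside addresses coincide, sketched as an added example (not part of the original post and not any vendor's CPE code). The `Gateway` class, its `outside_for` mapping and the documentation-range addresses are assumptions made for illustration; port rewriting and ALGs are left out.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int


class Gateway:
    """One stateful code path for both address families (hypothetical sketch).

    outside_for(inside_addr) returns the address used on the WAN side.
    A constant gives NAT44-style sharing; the identity function gives a
    plain stateful firewall that forwards packets unmodified.
    """

    def __init__(self, outside_for):
        self.outside_for = outside_for
        # (outside addr, outside port, remote addr, remote port) -> (inside addr, inside port)
        self.flows = {}

    def outbound(self, p):
        oaddr = self.outside_for(p.src)
        self.flows[(oaddr, p.sport, p.dst, p.dport)] = (p.src, p.sport)
        return Pkt(oaddr, p.sport, p.dst, p.dport)

    def inbound(self, p):
        inside = self.flows.get((p.dst, p.dport, p.src, p.sport))
        if inside is None:
            return None  # no matching state: unsolicited, dropped
        return Pkt(p.src, p.sport, inside[0], inside[1])


# Constructed sample setup using documentation address ranges.
v4 = Gateway(lambda addr: "203.0.113.1")  # all inside hosts share one outside address
v6 = Gateway(lambda addr: addr)           # inside and outside address are the same

if __name__ == "__main__":
    out6 = v6.outbound(Pkt("2001:db8:1::10", 40000, "2001:db8:ffff::7", 443))
    print("v6 forwarded unmodified:", out6)
    print("v6 reply:", v6.inbound(Pkt("2001:db8:ffff::7", 443, "2001:db8:1::10", 40000)))
    print("v6 unsolicited:", v6.inbound(Pkt("2001:db8:ffff::7", 5555, "2001:db8:1::10", 22)))
```

With the identity mapping the inside host is globally addressed, yet unsolicited inbound packets are still dropped: the filtering comes from the flow table, not from the address rewrite.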