nanog mailing list archives

Re: Rate of growth on IPv6 not fast enough?

From: William Herrin <bill () herrin us>
Date: Wed, 21 Apr 2010 14:24:37 -0400

On Tue, Apr 20, 2010 at 9:34 PM, Karl Auer <kauer () biplane com au> wrote:

On Tue, 2010-04-20 at 12:59 -0700, Owen DeLong wrote:

On Apr 20, 2010, at 12:31 PM, Roger Marquis wrote:

NAT _always_ fails-closed

Stateful Inspection can be implemented fail-closed.


Not to take issue with either statement in particular, but I think there
needs to be some consideration of what "fail" means.


Fail means that an inexperienced admin drops a router in place of the
firewall to work around a priority problem while the senior engineer
is on vacation. With NAT protecting unroutable addresses, that failure
mode fails closed.

Regards,
Bill Herrin



-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

Current thread:

Re: Rate of growth on IPv6 not fast enough?, (continued)
- - - Re: Rate of growth on IPv6 not fast enough? Jim Burwell (Apr 21)
    - Re: Rate of growth on IPv6 not fast enough? Dave Sparro (Apr 21)
    - Re: Rate of growth on IPv6 not fast enough? Cutler James R (Apr 21)
    - Re: Rate of growth on IPv6 not fast enough? Jack Bates (Apr 21)
    - Re: Rate of growth on IPv6 not fast enough? Karl Auer (Apr 20)
    - Re: Rate of growth on IPv6 not fast enough? joel jaeggli (Apr 20)
    - Re: Rate of growth on IPv6 not fast enough? Owen DeLong (Apr 20)
    - Re: Rate of growth on IPv6 not fast enough? Mark Andrews (Apr 20)
    - Re: Rate of growth on IPv6 not fast enough? Karl Auer (Apr 20)
    - Re: Rate of growth on IPv6 not fast enough? joel jaeggli (Apr 20)
    - Re: Rate of growth on IPv6 not fast enough? William Herrin (Apr 21)
    - Re: Rate of growth on IPv6 not fast enough? Mark Smith (Apr 29)
    - Re: Rate of growth on IPv6 not fast enough? isabel dias (Apr 29)
    - Re: Rate of growth on IPv6 not fast enough? William Herrin (Apr 29)
    - Re: Rate of growth on IPv6 not fast enough? Valdis . Kletnieks (Apr 29)
  - Re: Rate of growth on IPv6 not fast enough? Leen Besselink (Apr 20)
  - Re: Rate of growth on IPv6 not fast enough? Jack Bates (Apr 20)
    - Re: Rate of growth on IPv6 not fast enough? Simon Perreault (Apr 20)
    - Re: Rate of growth on IPv6 not fast enough? Jack Bates (Apr 20)
    - Re: Rate of growth on IPv6 not fast enough? Valdis . Kletnieks (Apr 20)
    - Re: Rate of growth on IPv6 not fast enough? Jack Bates (Apr 20)

(Thread continues...)