nanog mailing list archives

Re: quietly....


From: Jay Ashworth <jra () baylink com>
Date: Thu, 3 Feb 2011 11:29:01 -0500 (EST)

----- Original Message -----
From: "Jon Lewis" <jlewis () lewis org>

There's an awful lot of inertia in the "NAPT/firewall keeps our hosts
safe from the internet" mentality. Sure, a stateful firewall can be
configured to allow all outbound traffic and only connected/related
inbound.

When someone breaks or shuts off that filter, traffic through the NAPT
firewall stops working. On the stateful firewall with public IPs on
both sides, everything works...including the traffic you didn't want.

Precisely.

This is the crux of the argument I've been trying, rather ineptly,
to make: when it breaks, *which way does it fail*.  NAT fails safe,
generally.

People are going to want NAT66...and not providing it may slow down
IPv6 adoption.

You're using the future tense there, Jon; are you sure you didn't mean
to use the present?  Or the past...?

Cheers,
-- jra

