nanog mailing list archives
Re: quietly....
From: Jay Ashworth <jra () baylink com>
Date: Thu, 3 Feb 2011 11:29:01 -0500 (EST)
----- Original Message -----
From: "Jon Lewis" <jlewis () lewis org>
There's an awful lot of inertia in the "NAPT/firewall keeps our hosts safe from the internet" mentality. Sure, a stateful firewall can be configured allow all outbound traffic and only connected/related inbound.
When someone breaks or shuts off that filter, traffic through the NAPT firewall stops working. On the stateful firewall with public IPs on both sides, everything works...including the traffic you didn't want.
Precisely. This is the crux of the argument I've been trying, rather ineptly, to make: when it breaks, *which way does it fail*. NAT fails safe, generally.
People are going to want NAT66...and not providing it may slow down IPv6 adoption.
You're using the future tense there, Jon; are you sure you didn't mean to use the present? Or the past...? Cheers, -- jra
Current thread:
- Re: quietly...., (continued)
- Re: quietly.... Dave Israel (Feb 01)
- Re: quietly.... Jack Bates (Feb 01)
- Re: quietly.... Owen DeLong (Feb 02)
- Re: quietly.... John Payne (Feb 02)
- Re: quietly.... Owen DeLong (Feb 02)
- Re: quietly.... John Payne (Feb 02)
- Re: quietly.... Brian Johnson (Feb 02)
- Re: quietly.... Dave Israel (Feb 02)
- RE: quietly.... Brian Johnson (Feb 03)
- RE: quietly.... Jon Lewis (Feb 03)
- Re: quietly.... Jay Ashworth (Feb 03)
- RE: quietly.... Matthew Huff (Feb 03)
- Re: quietly.... Owen DeLong (Feb 03)
- RE: quietly.... Matthew Huff (Feb 03)
- Re: quietly.... Owen DeLong (Feb 03)
- Re: quietly.... Jack Bates (Feb 03)
- Re: quietly.... Lamar Owen (Feb 03)
- Re: quietly.... Jack Bates (Feb 03)
- Re: quietly.... Lamar Owen (Feb 03)
- Re: quietly.... Simon Perreault (Feb 03)
- Re: quietly.... Matthew Palmer (Feb 03)