RE: quietly....

[Matthew Huff <mhuff () ox com>]

Yes, but unless that ipv6 that isn't globally routed is NAT66 to the outside world, then it wouldn't have external 
access.

> -----Original Message-----
> From: Jon Lewis [mailto:jlewis () lewis org]
> Sent: Thursday, February 03, 2011 11:41 AM
> To: Iljitsch van Beijnum
> Cc: nanog () nanog org
> Subject: Re: quietly....
>
> On Thu, 3 Feb 2011, Iljitsch van Beijnum wrote:
>
> > On 3 feb 2011, at 17:16, Jon Lewis wrote:
> >
> > > When someone breaks or shuts off that filter, traffic through the NAPT firewall stops working.  On
> the stateful firewall with public IPs on both sides, everything works...including the traffic you
> didn't want.
> > > People are going to want NAT66...and not providing it may slow down IPv6 adoption.
> >
> > Hm, if you turn off the NAT66 function, wouldn't the traffic pass through unhindered, too?
>
> Outbound traffic would.  Inbound, if on the inside, you're using IPv6
> space that's not globally routed, won't.  Just like what happens now with
> NAPT with rfc1918 space on the inside when you stop doing
> translation...private IP traffic leaks out...but nothing comes back
> because there is no return path.
>
> ----------------------------------------------------------------------
>   Jon Lewis, MCP :)           |  I route
>   Senior Network Engineer     |  therefore you are
>   Atlantic Net                |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________