nanog mailing list archives

Re: Requirements for IPv6 Firewalls


From: Enno Rey <erey () ernw de>
Date: Sat, 19 Apr 2014 04:58:39 +0200

Hi,

On Fri, Apr 18, 2014 at 11:59:04AM -0700, Doug Barton wrote:
> On 04/18/2014 12:57 AM, Enno Rey wrote:
>> I fully second Sander's input. I've been involved in IPv6 planning in a number of very large enterprises now
>> and _none_ of them required/asked for (66/overloading) NAT for their firewall environments. A few think about very
>> specific deployments of NPTv6 like stuff for connections to supplier/partner networks (to map those to their own
>> address space) but these are corner cases not even relevant for their "firewalls".
>
> How many of those networks were implementing with IPv6 PI space?

all of them

> My experience has been that those customers are not interested in IPv6 NAT,
> but instead utilize network segmentation to define "internal" vs.
> "external."
>
> OTOH, customers for whom PI space is not realistic (for whatever
> reasons, and yes there are reasons) are very interested in the
> combination of ULA + NPTv6 to handle internal resources without having
> to worry about renumbering down the road.

true. it's just we don't see many of those (actually I've yet to encounter a single one) and it could be debatable if
they belong to "Enterprise" networks (which is in the title of the ID).

best

Enno

> Doug


-- 
Enno Rey

ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902 

Handelsregister Mannheim: HRB 337135
Geschaeftsfuehrer: Enno Rey

=======================================================
Blog: www.insinuator.net || Conference: www.troopers.de
Twitter: @Enno_Insinuator
=======================================================

