[111637] in North American Network Operators' Group


Re: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

daemon@ATHENA.MIT.EDU (Mark Newton)
Mon Feb 9 19:00:03 2009

From: Mark Newton <newton@internode.com.au>
To: Owen DeLong <owen@delong.com>
In-Reply-To: <1BCDE3F8-440B-4D2B-9BF1-D4AE5DBF7952@delong.com>
Date: Tue, 10 Feb 2009 10:28:47 +1030
Cc: north American Noise and Off-topic Gripes <nanog@merit.edu>
Errors-To: nanog-bounces@nanog.org


On 10/02/2009, at 10:17 AM, Owen DeLong wrote:
>>
>> Sure, but at the end of the day a non-NAT firewall is just a special case
>> of NAT firewall where the "inside" and "outside" addresses happen to
>> be the same.
>
> Uh, that's a pretty twisted view.  I would say that NAT is a special
> additional capability of the firewall which mangles the address(es)
> in the packet.  I would not regard passing the address unmangled
> as a "special case" of mangling.

You're passing a value judgement on NAT, using loaded terms like "mangling"
and "twisted".

Fine, you don't like rewriting L3 addresses and L4 port numbers.  Yep,
I get that.  Relevance?

> In terms of implementing the code, sure, the result is about the same,
> but, the key point here is that there really isn't a benefit to having that
> packet mangling code in IPv6.

There is if you have a dual-stack device, your L4-and-above protocols
are the same under v4 and v6, and you don't want to reinvent the ALG wheel.

   - mark

--
Mark Newton                               Email:  newton@internode.com.au (W)
Network Engineer                          Email:  newton@atdot.dotat.org  (H)
Internode Pty Ltd                         Desk:   +61-8-82282999
"Network Man" - Anagram of "Mark Newton"  Mobile: +61-416-202-223






