[111642] in North American Network Operators' Group


Re: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

daemon@ATHENA.MIT.EDU (Jack Bates)
Mon Feb 9 20:00:42 2009

Date: Mon, 09 Feb 2009 19:00:17 -0600
From: Jack Bates <jbates@brightok.net>
To: Mark Newton <newton@internode.com.au>
In-Reply-To: <0619DF3C-5FD7-439A-8EB6-1A481A967411@internode.com.au>
Cc: north American Noise and Off-topic Gripes <nanog@merit.edu>
Errors-To: nanog-bounces@nanog.org

Mark Newton wrote:
> On a commodity consumer CPE device, the ALG code doubles as a
> stateful inspection engine.
> 
> So it _is_ required when address translations are not being performed.
>

Hmmmm, the code may be there, but I suspect that not all of it will 
apply to v6 and be used.

> Is security something that gets thought about now, or post-deployment?

I suspect that depends on who you ask. Security is always the top of my 
list. That being said, what security is there in removing NAT from v4 
because it broke what the customer wanted to do? Then they are back to 
their host-based stateful firewall, which apparently everyone believes 
is not good enough. Might as well throw in v6 and trash the NAT.


Jack

