[125710] in North American Network Operators' Group


Re: Rate of growth on IPv6 not fast enough?

daemon@ATHENA.MIT.EDU (William Herrin)
Wed Apr 21 14:25:40 2010

In-Reply-To: <1271813655.6417.431.camel@karl>
From: William Herrin <bill@herrin.us>
Date: Wed, 21 Apr 2010 14:24:37 -0400
To: Karl Auer <kauer@biplane.com.au>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Tue, Apr 20, 2010 at 9:34 PM, Karl Auer <kauer@biplane.com.au> wrote:
> On Tue, 2010-04-20 at 12:59 -0700, Owen DeLong wrote:
>> On Apr 20, 2010, at 12:31 PM, Roger Marquis wrote:
>> > NAT _always_ fails-closed
>> Stateful Inspection can be implemented fail-closed.
>
> Not to take issue with either statement in particular, but I think there
> needs to be some consideration of what "fail" means.

Fail means that an inexperienced admin drops a router in place of the
firewall to work around a priority problem while the senior engineer
is on vacation. With NAT protecting unroutable addresses, that failure
mode fails closed.

Regards,
Bill Herrin



-- 
William D. Herrin ................ herrin@dirtside.com  bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

