[125720] in North American Network Operators' Group
Re: Rate of growth on IPv6 not fast enough?
daemon@ATHENA.MIT.EDU (Roger Marquis)
Wed Apr 21 18:27:12 2010
Date: Wed, 21 Apr 2010 15:26:28 -0700 (PDT)
From: Roger Marquis <marquis@roble.com>
To: nanog@nanog.org
In-Reply-To: <mailman.2962.1271887258.25298.nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
William Herrin wrote:
>> Not to take issue with either statement in particular, but I think there
>> needs to be some consideration of what "fail" means.
>
> Fail means that an inexperienced admin drops a router in place of the
> firewall to work around a priority problem while the senior engineer
> is on vacation. With NAT protecting unroutable addresses, that failure
> mode fails closed.
In addition to fail-closed NAT also means:
* search engines and and connectivity providers cannot (easily)
differentiate and/or monitor your internal hosts, and
* multiple routes do not have to be announced or otherwise accommodated
by internal re-addressing.
Roger Marquis
