[125730] in North American Network Operators' Group

Re: Rate of growth on IPv6 not fast enough?

daemon@ATHENA.MIT.EDU (Owen DeLong)
Wed Apr 21 23:35:57 2010

From: Owen DeLong <owen@delong.com>
In-Reply-To: <20100421222628.993782B2121@mx5.roble.com>
Date: Wed, 21 Apr 2010 20:31:09 -0700
To: Roger Marquis <marquis@roble.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Apr 21, 2010, at 3:26 PM, Roger Marquis wrote:

> William Herrin wrote:
>>> Not to take issue with either statement in particular, but I think there
>>> needs to be some consideration of what "fail" means.
>> 
>> Fail means that an inexperienced admin drops a router in place of the
>> firewall to work around a priority problem while the senior engineer
>> is on vacation. With NAT protecting unroutable addresses, that failure
>> mode fails closed.
> 
> In addition to fail-closed NAT also means:
> 
>  * search engines and connectivity providers cannot (easily)
>  differentiate and/or monitor your internal hosts, and
> 
Right, because nobody has figured out Javascript and Cookies.

>  * multiple routes do not have to be announced or otherwise accommodated
>  by internal re-addressing.
> 
I fail to see how NAT even affects this in a properly structured network.

Owen


