[128071] in North American Network Operators' Group
Re: Addressing plan exercise for our IPv6 course
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Sat Jul 24 03:52:13 2010
To: "Akyol, Bora A" <bora@pnl.gov>
In-Reply-To: Your message of "Thu, 22 Jul 2010 19:53:48 PDT."
<C86E524C.4695%bora@pnl.gov>
From: Valdis.Kletnieks@vt.edu
Date: Sat, 24 Jul 2010 03:50:25 -0400
Cc: nanog list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1279957825_3953P
Content-Type: text/plain; charset=us-ascii
On Thu, 22 Jul 2010 19:53:48 PDT, "Akyol, Bora A" said:
> As long as customers believe that having a NAT router/"firewall" in place is a security feature,
> I don't think anyone is going to get rid of the NAT box.
Firewall != NAT. The former is still needed in IPv6, the latter is not. And I
suspect that most Joe Sixpacks think of that little box they bought as a
"firewall" and don't understand NAT. If Joe Sixpack actually knows what NAT
is, tell them the little box still provides all the firewall security and NAT
isn't needed for IPv6.
And if Joe Sixpack *still* insists on NAT, give him a /56 and tell him to turn
on IPv6 autoconfigure. Poof - his subnet no longer matches the outside subnet,
so he must be NAT'ed, right? (And if Joe sees through *that* subterfuge,
consider hiring him ;)
--==_Exmh_1279957825_3953P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFMSptBcC3lWbTT17ARAvGoAJwMCHbUc4qzFr1jgb8vgoTNrV8G3ACglGdb
IG4Y/c+N/8IpCOB7vX7tYho=
=2u++
-----END PGP SIGNATURE-----
--==_Exmh_1279957825_3953P--
