[136500] in North American Network Operators' Group
Re: quietly....
daemon@ATHENA.MIT.EDU (Jay Ashworth)
Thu Feb 3 11:33:57 2011
Date: Thu, 3 Feb 2011 11:29:01 -0500 (EST)
From: Jay Ashworth <jra@baylink.com>
To: NANOG <nanog@nanog.org>
In-Reply-To: <Pine.LNX.4.61.1102031025560.5148@soloth.lewis.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
----- Original Message -----
> From: "Jon Lewis" <jlewis@lewis.org>
> There's an awful lot of inertia in the "NAPT/firewall keeps our hosts
> safe from the internet" mentality. Sure, a stateful firewall can be
> configured to allow all outbound traffic and only connected/related
> inbound.
> When someone breaks or shuts off that filter, traffic through the NAPT
> firewall stops working. On the stateful firewall with public IPs on
> both sides, everything works...including the traffic you didn't want.
Precisely.
This is the crux of the argument I've been trying, rather ineptly,
to make: when it breaks, *which way does it fail*. NAT fails safe,
generally.
> People are going to want NAT66...and not providing it may slow down
> IPv6 adoption.
You're using the future tense there, Jon; are you sure you didn't mean
to use the present? Or the past...?
Cheers,
-- jra
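
The failure-direction argument in this message, as an added example that is not part of the original thread: a toy model of the two gateways, in which the "break" is state tracking being switched off. It assumes an endpoint-filtering NAPT with no static port forwards; the class names, function names and addresses are constructed for illustration.

```python
# Toy model, constructed for illustration; addresses are RFC 5737/RFC 1918 examples.
from dataclasses import dataclass, field

@dataclass
class RoutedFirewall:
    """Public addresses on both sides; state tracking is only a filter."""
    tracking: bool = True
    flows: set = field(default_factory=set)

    def outbound(self, src, dst):
        if self.tracking:
            self.flows.add((dst, src))      # remember the expected reply
        return (src, dst)                   # forwarded unchanged either way

    def inbound(self, src, dst):
        if self.tracking and (src, dst) not in self.flows:
            return None                     # unsolicited: dropped
        return dst                          # routed straight to the inside host

@dataclass
class NaptGateway:
    """Private addresses inside; state tracking *is* the forwarding path."""
    public_ip: str = "203.0.113.1"
    tracking: bool = True
    table: dict = field(default_factory=dict)   # public port -> (inside, remote)
    next_port: int = 40000

    def outbound(self, src, dst):
        if not self.tracking:
            return None                     # no translation: private source cannot leave
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = (src, dst)
        return ((self.public_ip, port), dst)

    def inbound(self, src, dst):
        entry = self.table.get(dst[1]) if self.tracking and dst[0] == self.public_ip else None
        if entry is None or entry[1] != src:
            return None                     # no mapping, so nowhere to deliver
        return entry[0]

def unsolicited_delivered(gw, target):
    """True if a packet from a host the inside never contacted gets through."""
    return gw.inbound(("192.0.2.66", 4444), target) is not None

def failure_mode(gw, target):
    gw.tracking = False                     # "someone breaks or shuts off that filter"
    return "fails open" if unsolicited_delivered(gw, target) else "fails closed"
```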