[136508] in North American Network Operators' Group


Re: quietly....

daemon@ATHENA.MIT.EDU (Jon Lewis)
Thu Feb 3 11:55:01 2011

Date: Thu, 3 Feb 2011 11:40:52 -0500 (EST)
From: Jon Lewis <jlewis@lewis.org>
To: Iljitsch van Beijnum <iljitsch@muada.com>
In-Reply-To: <5A51DAF3-6189-4785-9543-CB046B2819B9@muada.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Thu, 3 Feb 2011, Iljitsch van Beijnum wrote:

> On 3 feb 2011, at 17:16, Jon Lewis wrote:
>
>> When someone breaks or shuts off that filter, traffic through the NAPT firewall stops working.  On the stateful firewall with public IPs on both sides, everything works...including the traffic you didn't want.
>
>> People are going to want NAT66...and not providing it may slow down IPv6 adoption.
>
> Hm, if you turn off the NAT66 function, wouldn't the traffic pass through unhindered, too?

Outbound traffic would.  Inbound, if on the inside, you're using IPv6 
space that's not globally routed, won't.  Just like what happens now with 
NAPT with rfc1918 space on the inside when you stop doing 
translation...private IP traffic leaks out...but nothing comes back 
because there is no return path.

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

