[170113] in North American Network Operators' Group
Re: misunderstanding scale
daemon@ATHENA.MIT.EDU (William Herrin)
Mon Mar 24 12:24:44 2014
In-Reply-To: <9578293AE169674F9A048B2BC9A081B4B542184F@MUNPRDMBXA1.medline.com>
From: William Herrin <bill@herrin.us>
Date: Mon, 24 Mar 2014 12:21:08 -0400
To: "Naslund, Steve" <SNaslund@medline.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sun, Mar 23, 2014 at 11:07 PM, Naslund, Steve <SNaslund@medline.com> wrote:
> I am not sure I agree with the basic premise here. NAT or Private addressing does not equal security.
Hi Steve,
It is your privilege to believe this and to practice it in the
networks you operate.
Many of the folks you would have deploy IPv6 do not agree. They take
comfort in the mathematical impossibility of addressing an internal
host from an outside packet that is not part of an ongoing session.
These folks find that address-overloaded NAT provides a valuable
additional layer of security.
Some folks WANT to segregate their networks from the Internet via a
general-protocol transparent proxy. They've had this capability with
IPv4 for 20 years. IPv6 poorly addresses their requirement.
Regards,
Bill Herrin
--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
