[170119] in North American Network Operators' Group
RE: misunderstanding scale
daemon@ATHENA.MIT.EDU (Alexander Lopez)
Mon Mar 24 12:48:14 2014
From: Alexander Lopez <alex.lopez@opsys.com>
To: William Herrin <bill@herrin.us>, "Naslund, Steve" <SNaslund@medline.com>
Date: Mon, 24 Mar 2014 16:36:55 +0000
In-Reply-To: <CAP-guGUsNghSC2Te-L50=zXOuAYmTm1cOdLYyNHP7Grqso-8qA@mail.gmail.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
not to mention the cost in readdressing your entire network when you change=
an upstream provider.
Nat was a fix to a problem of lack of addresses, however, the use of priva=
te address space 10/8, 192.168/16 has allowed many to enjoy a simple networ=
k addressing scheme.
I have and will continue to deploy IPV6, however the ease and simplicity o=
f IPv4 cannot and should not be overlooked.
Ipv6 requires a complete reeducation of they way we look at routing and the=
core of the network.
I will not be trolling here, I prefer to troll off the Florida straits for =
large fish instead. ..
-------- Original message --------
From: William Herrin
Date:03/24/2014 12:27 PM (GMT-05:00)
To: "Naslund, Steve"
Cc: NANOG list
Subject: Re: misunderstanding scale
On Sun, Mar 23, 2014 at 11:07 PM, Naslund, Steve <SNaslund@medline.com> wro=
te:
> I am not sure I agree with the basic premise here. NAT or Private addre=
ssing does not equal security.
Hi Steve,
It is your privilege to believe this and to practice it in the
networks you operate.
Many of the folks you would have deploy IPv6 do not agree. They take
comfort in the mathematical impossibility of addressing an internal
host from an outside packet that is not part of an ongoing session.
These folks find that address-overloaded NAT provides a valuable
additional layer of security.
Some folks WANT to segregate their networks from the Internet via a
general-protocol transparent proxy. They've had this capability with
IPv4 for 20 years. IPv6 poorly addresses their requirement.
Regards,
Bill Herrin
--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
