[170127] in North American Network Operators' Group

Re: misunderstanding scale

daemon@ATHENA.MIT.EDU (William Herrin)
Mon Mar 24 13:27:40 2014

In-Reply-To: <7053AFC7-45DB-4361-B201-906308B34224@ianai.net>
From: William Herrin <bill@herrin.us>
Date: Mon, 24 Mar 2014 13:17:39 -0400
To: "Patrick W. Gilmore" <patrick@ianai.net>
Cc: North American Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Mon, Mar 24, 2014 at 1:05 PM, Patrick W. Gilmore <patrick@ianai.net> wrote:
> On Mar 24, 2014, at 12:21, William Herrin <bill@herrin.us> wrote:
>> Some folks WANT to segregate their networks from the Internet via a
>> general-protocol transparent proxy. They've had this capability with
>> IPv4 for 20 years. IPv6 poorly addresses their requirement.
>
> NAT is not required for the above. Any firewall can stop incoming packets unless they are part of an established session. NAT doesn't add much of anything, especially given that you can have one-to-one NAT.

Hi Patrick,

What sort of traction are you getting from that argument with
enterprise security folks who object to deploying IPv6 because of NAT?

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin@dirtside.com  bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

