[171085] in North American Network Operators' Group
Re: Requirements for IPv6 Firewalls
daemon@ATHENA.MIT.EDU (Timothy Morizot)
Thu Apr 17 22:06:03 2014
In-Reply-To: <E3594EBE-A2C1-42D4-8906-5A1D497C9F55@matthew.at>
Date: Thu, 17 Apr 2014 21:05:17 -0500
From: Timothy Morizot <tmorizot@gmail.com>
To: Matthew Kaufman <matthew@matthew.at>
Cc: NANOG list <nanog@nanog.org>, Brandon Ross <bross@pobox.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Apr 17, 2014 7:52 PM, "Matthew Kaufman" <matthew@matthew.at> wrote:
>
> While you're at it, the document can explain to admins who have been
burned, often more than once, by the pain of re-numbering internal services
at static addresses how IPv6 without NAT will magically solve this problem.
If you're worried about that issue, either get your own end user
assignment(s) from ARIN or use ULA internally and employ NAT-PT (prefix
translation) at the perimeter. That's not even a hard question.
