[171090] in North American Network Operators' Group
Re: Requirements for IPv6 Firewalls
daemon@ATHENA.MIT.EDU (Matthew Kaufman)
Thu Apr 17 23:57:21 2014
In-Reply-To: <CAFy81rkaY5OEQyuCEnHHYpUvC_Lb3Kh5gqZ6aZ7qKcZ9UoFNCQ@mail.gmail.com>
From: Matthew Kaufman <matthew@matthew.at>
Date: Thu, 17 Apr 2014 20:56:54 -0700
To: Timothy Morizot <tmorizot@gmail.com>
Cc: NANOG list <nanog@nanog.org>, Brandon Ross <bross@pobox.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I think I got you to say "NAT"
Matthew Kaufman
(Sent from my iPhone)
> On Apr 17, 2014, at 7:05 PM, Timothy Morizot <tmorizot@gmail.com> wrote:
>=20
>=20
> On Apr 17, 2014 7:52 PM, "Matthew Kaufman" <matthew@matthew.at> wrote:
> >
> > While you're at it, the document can explain to admins who have been bur=
ned, often more than once, by the pain of re-numbering internal services at s=
tatic addresses how IPv6 without NAT will magically solve this problem.
>=20
> If you're worried about that issue, either get your own end user assignmen=
t(s) from ARIN or use ULA internally and employ NAT-PT (prefix translation) a=
t the perimeter. That's not even a hard question.
