[171109] in North American Network Operators' Group

Re: Requirements for IPv6 Firewalls

daemon@ATHENA.MIT.EDU (William Herrin)
Fri Apr 18 14:01:18 2014

In-Reply-To: <5351638A.2080601@per.reau.lt>
From: William Herrin <bill@herrin.us>
Date: Fri, 18 Apr 2014 14:00:33 -0400
To: Simon Perreault <simon@per.reau.lt>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Fri, Apr 18, 2014 at 1:40 PM, Simon Perreault <simon@per.reau.lt> wrote:
> On 2014-04-18 13:35, William Herrin wrote:
>> Your document specifies "Enterprise" firewalls. Frankly I think that's
>> wise. Consumer and enterprise users have very different needs and very
>> different cost points.
>
> Over here we have no use for IPv6 NAT. We have our own PI space. I
> suspect many other enterprises would be in a similar situation.
>
> I totally get your position, but I don't see how it can justify an
> Internet-wide requirement.

As I understand your document, you're trying to scope a set of minimum
required features for a firewall that will be able to describe itself
as "RFC whatever compliant." The idea is for folks working for large
enterprises to be able to use such a tag as a discriminator for
potential purchases. Since a pretty humongous number of them are using
NAT with IPv4 and are likely to want to do so with IPv6, leaving that
out of the required feature list seems counter-productive to your goal
of a document which has utility to them.

Besides, you have spam control and URL filtering in there. Do you
seriously propose that spam control and URL filtering rank above NAT
on the *firewall* requirements list?

Regards,
Bill Herrin



-- 
William D. Herrin ................ herrin@dirtside.com  bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

