[171145] in North American Network Operators' Group
Re: Requirements for IPv6 Firewalls
daemon@ATHENA.MIT.EDU (Enno Rey)
Fri Apr 18 23:04:32 2014
Date: Sat, 19 Apr 2014 04:58:39 +0200
From: Enno Rey <erey@ernw.de>
To: nanog@nanog.org
In-Reply-To: <535175F8.2050907@dougbarton.us>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hi,
On Fri, Apr 18, 2014 at 11:59:04AM -0700, Doug Barton wrote:
> On 04/18/2014 12:57 AM, Enno Rey wrote:
> > I fully second Sander's input. I've been involved in IPv6 planning in a number of very large enterprises now and_none_ of them required/asked for (66/overloading) NAT for their firewall environments. A few think about very specific deployments of NPTv6 like stuff for connections to supplier/partner networks (to map those to their own address space) but these are corner cases not even relevant for their "firewalls".
>
> How many of those networks were implementing with IPv6 PI space?
all of them
My
> experience has been that those customers are not interested in IPv6 NAT,
> but instead utilize network segmentation to define "internal" vs.
> "external."
>
> OTOH, customers for whom PI space is not realistic (for whatever
> reasons, and yes there are reasons) are very interested in the
> combination of ULA + NTPv6 to handle internal resources without having
> to worry about renumbering down the road.
true. it's just we don't see many of those (actually I've yet to encounter a single one) and it could be debatable if they belong to "Enterprise" networks (which is in the title of the ID).
best
Enno
>
> Doug
>
--
Enno Rey
ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902
Handelsregister Mannheim: HRB 337135
Geschaeftsfuehrer: Enno Rey
=======================================================
Blog: www.insinuator.net || Conference: www.troopers.de
Twitter: @Enno_Insinuator
=======================================================
