[171158] in North American Network Operators' Group
Re: Requirements for IPv6 Firewalls
daemon@ATHENA.MIT.EDU (Jimmy Hess)
Sat Apr 19 14:47:27 2014
In-Reply-To: <E906CE70-EC87-4BC7-BD6A-38051F07DBB8@gmail.com>
From: Jimmy Hess <mysidia@gmail.com>
Date: Sat, 19 Apr 2014 13:44:22 -0500
To: George William Herbert <george.herbert@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
On Sat, Apr 19, 2014 at 1:08 PM, George William Herbert
<george.herbert@gmail.com> wrote:
> On Apr 18, 2014, at 9:10 PM, "Dobbins, Roland" <rdobbins@arbor.net> wrote:
> I don't know where you find ideas like this.
>
> There are stateful firewalls in the security packages in front of all the internet facing servers in all the major service providers I've worked at. Not *just* stateful firewalls, but they're in there.
> That one company is trying something different does not mean there isn't widespread standardized use of the technology.
There is not widespread use of stateful firewall units with the
stateful element as a single point of failure in front of large public
web farms.
This is different from "security package software" on individual web servers.
There is plenty of one-off usage in small web farms, where DDoS is not
a concern.
> -george william herbert
--
-JH