[94645] in North American Network Operators' Group
Re: Google wants to be your Internet
daemon@ATHENA.MIT.EDU (Joseph S D Yao)
Wed Jan 31 15:17:27 2007
Date: Wed, 31 Jan 2007 15:15:07 -0500
From: Joseph S D Yao <jsdy@center.osis.gov>
To: michael.dillon@bt.com
Cc: nanog@merit.edu
Mail-Followup-To: michael.dillon@bt.com, nanog@merit.edu
In-Reply-To: <2DA00C5A2146FB41ABDB3E9FCEBC74C1A075BD@i2km07-ukbr.domain1.systemhost.net>
Errors-To: owner-nanog@merit.edu
On Tue, Jan 30, 2007 at 08:19:12AM -0000, michael.dillon@bt.com wrote:
>
>
> > > IPv6 makes NAT obsolete because IPv6 firewalls can provide all
> > > the useful features of IPv4 NAT without any of the downsides.
>
> > IPv6 firewalls? Where? Good ones?
>
> Why good ones. NAT is a basic IPv4 firewall. All IPv6 needs to obsolete
> NAT is a firewall that offers all the features of NAT without requiring
> the address translation. Then, instead of setting up a port translation
> for a particular incoming protocol, you simply open up that port without
> modifying the packets as they flow through. Suddenly, SIP works and
> incoming VoIP phonecalls work just like on the phone network.
There is more to firewalls than NAT and packet filtering, no matter what
the Cisco Pix people say.
--
Joe Yao
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.
