Consumer Grade - IPV6 Enabled Router Firewalls.

Mark Newton newton at internode.com.au
Sat Dec 12 07:13:24 UTC 2009


On 12/12/2009, at 4:15 PM, Roger Marquis wrote:

> Is there a natophobe in the house who thinks there shouldn't be stateful
> inspection in IPv6?  If not then could you explain what overhead NAT
> requires that stateful inspection hasn't already taken care of?

I handwave past all that by pointing out (as you have) that 
stateful inspection is just a subset of NAT, where the inside
address and the outside address happen to be the same.

(in the same way that the SHIM6 middleware boxes which were 
proposed but never built were /also/ just subsets of NAT, with
the translation rules controlled by the SHIM6 protocol layers 
on the hosts... but we weren't allowed to call them NAT gateways,
because IPv6 isn't supposed to have any NAT in it :)

   - mark

--
Mark Newton                               Email:  newton at internode.com.au (W)
Network Engineer                          Email:  newton at atdot.dotat.org  (H)
Internode Pty Ltd                         Desk:   +61-8-82282999
"Network Man" - Anagram of "Mark Newton"  Mobile: +61-416-202-223









More information about the NANOG mailing list