Consumer Grade - IPV6 Enabled Router Firewalls.
Mark Newton
newton at internode.com.au
Sat Dec 12 07:13:24 UTC 2009
On 12/12/2009, at 4:15 PM, Roger Marquis wrote:
> Is there a natophobe in the house who thinks there shouldn't be stateful
> inspection in IPv6? If not then could you explain what overhead NAT
> requires that stateful inspection hasn't already taken care of?
I handwave past all that by pointing out (as you have) that
stateful inspection is just a subset of NAT, where the inside
address and the outside address happen to be the same.
(in the same way that the SHIM6 middleware boxes which were
proposed but never built were /also/ just subsets of NAT, with
the translation rules controlled by the SHIM6 protocol layers
on the hosts... but we weren't allowed to call them NAT gateways,
because IPv6 isn't supposed to have any NAT in it :)
- mark
--
Mark Newton Email: newton at internode.com.au (W)
Network Engineer Email: newton at atdot.dotat.org (H)
Internode Pty Ltd Desk: +61-8-82282999
"Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
More information about the NANOG
mailing list