quietly....
Matthew Huff
mhuff at ox.com
Thu Feb 3 16:58:27 UTC 2011
Yes, but unless that ipv6 that isn't globally routed is NAT66 to the outside world, then it wouldn't have external access.
> -----Original Message-----
> From: Jon Lewis [mailto:jlewis at lewis.org]
> Sent: Thursday, February 03, 2011 11:41 AM
> To: Iljitsch van Beijnum
> Cc: nanog at nanog.org
> Subject: Re: quietly....
>
> On Thu, 3 Feb 2011, Iljitsch van Beijnum wrote:
>
> > On 3 feb 2011, at 17:16, Jon Lewis wrote:
> >
> >> When someone breaks or shuts off that filter, traffic through the NAPT firewall stops working. On
> the stateful firewall with public IPs on both sides, everything works...including the traffic you
> didn't want.
> >
> >> People are going to want NAT66...and not providing it may slow down IPv6 adoption.
> >
> > Hm, if you turn off the NAT66 function, wouldn't the traffic pass through unhindered, too?
>
> Outbound traffic would. Inbound, if on the inside, you're using IPv6
> space that's not globally routed, won't. Just like what happens now with
> NAPT with rfc1918 space on the inside when you stop doing
> translation...private IP traffic leaks out...but nothing comes back
> because there is no return path.
>
> ----------------------------------------------------------------------
> Jon Lewis, MCP :) | I route
> Senior Network Engineer | therefore you are
> Atlantic Net |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the NANOG
mailing list