Rate of growth on IPv6 not fast enough?

• Previous message (by thread): Rate of growth on IPv6 not fast enough?
• Next message (by thread): Rate of growth on IPv6 not fast enough?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 20, 2010 at 9:34 PM, Karl Auer <kauer at biplane.com.au> wrote:
> On Tue, 2010-04-20 at 12:59 -0700, Owen DeLong wrote:
>> On Apr 20, 2010, at 12:31 PM, Roger Marquis wrote:
>> > NAT _always_ fails-closed
>> Stateful Inspection can be implemented fail-closed.
>
> Not to take issue with either statement in particular, but I think there
> needs to be some consideration of what "fail" means.

Fail means that an inexperienced admin drops a router in place of the
firewall to work around a priority problem while the senior engineer
is on vacation. With NAT protecting unroutable addresses, that failure
mode fails closed.

Regards,
Bill Herrin



-- 
William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

• Previous message (by thread): Rate of growth on IPv6 not fast enough?
• Next message (by thread): Rate of growth on IPv6 not fast enough?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]