Requirements for IPv6 Firewalls

Gary Buhrmaster gary.buhrmaster at gmail.com
Fri Apr 18 18:02:41 UTC 2014


On Fri, Apr 18, 2014 at 3:02 PM, William Herrin <bill at herrin.us> wrote:
....
> The main drivers behind the desire for NAT in IPv6 you've heard
> before, but I'll repeat them for the sake of clarity:

5. Some industries (PCI compliance) *require* NAT as part of
    the auditable requirements.  Yes, that should get changed.
    But until it does, (at least some) enterprises are going to
    be between a rock and a hard place.

As Bill says, the place to get this fixed is not to tell the
enterprises they are doing it wrong, but to change the
requirements that auditors measure against.  I would cheer
the effort to engage those bodies to get them to understand
that NAT is not the way (for it is not).  This does not mean
ignore the problem.  It does not mean to tell people they
are doing it wrong.  It means active engagement with such
organizations.  And it is hard, policy type, work,



