Requirements for IPv6 Firewalls

William Herrin bill at
Fri Apr 18 22:47:18 UTC 2014

On Fri, Apr 18, 2014 at 6:36 PM, Lee Howard <Lee at> wrote:
> Some operators want NAT.  Some don't.  There are loud voices on both
> sides. Consensus seems slightly against.

Hi Lee,

Some operators want NAT. That's it. End of discussion. This isn't a
consensus question. Some operators want NAT. Period. Full stop.
They'll hold off deploying and when IPv6 is sufficiently valuable,
they'll pay someone to give them NAT. Regardless of whether the
consensus of the IETF approves.

These are the folks who made Gauntlet and its transparent proxies the
#1 firewall product back during the bubble. They don't see the
Internet the way you do.

And if there are more of them than you think, IPv6 won't achieve
sufficient value, won't reach critical mass. Then you'll really REALLY
be stuck with NAT.

Bill Herrin

William D. Herrin ................ herrin at  bill at
3005 Crane Dr. ...................... Web: <>
Falls Church, VA 22042-3004

More information about the NANOG mailing list