[arin-ppml] Set aside round deux

Roger Marquis marquis at roble.com
Thu Aug 5 14:31:23 EDT 2010


michael.dillon at bt.com wrote:
> If you are going to install a firewall, then this whole discussion
> of IPv6 NAT gateways does not apply to you. A firewall has far more
> features than a NAT box. We are really discussing boxes which have
> had a bit of firewall functionality (called NAT) added to them but
> which do not deserve the name, "firewall".

There is no such thing as a "NAT box".  Firewalls == NAT == firewalls
whichever way you look at it.

Getting back to the technical reasons for NAT, or at least trying to, are
there no takers for these questions?

   * If you can explain how multihoming will work without NAT and without
   internal renumbering then please do.  If you think internal renumbering
   is feasible please explain how to maintain persistent connections across
   a renumbering?

   * How would you do transparent load-balancing and fail-over, ingress
   or egress, without NAT?

   * Also, since nobody has yet made a good business case for GUA (other
   than upstream lock-in), please explain how consumers' privacy and vendor
   independence would be preserved in the GUA world you're advocating.

   * How would you deal with routing table growth in absence of NAT?

   * And most importantly, please explain what NAT breaks that stateful
   inspection has not already "fixed-up"?

Roger Marquis


