[arin-ppml] Set aside round deux

michael.dillon at bt.com michael.dillon at bt.com
Fri Aug 6 06:02:43 EDT 2010

> There is no such thing as a "NAT box".  Firewalls == NAT == firewalls
> whichever way you look at it.

From a consumer point of view, a firewall is some software that runs
on the PC and a NAT box is the thing that connects to the DSL or
cable provider. Stateful inspection firewalls are the simplest sort
because they can function without rules and without configuration. 
That is what "box" means in this context. You and I may know that
a NAT box has a stateful inspection firewall built in regardless
of whether it is IPv4 Network Address Translation or IPv6 No-Address
Translation, but to the consumer, these details don't matter.
The consumer knows that a NAT box protects his network.

>    * How would you do transparent load-balancing and fail-over, ingress
>    or egress, without NAT?

It's quite simple really. You focus on what you need and not on
how it is implemented. Many commercial vendors supply IPv6 load balancing.
You can also get open source software like IPVS. They don't all work
the same way.

>    * Also, since nobody has yet made a good business case for GUA

I have no idea what GUA is.

>    * How would you deal with routing table growth in absence of NAT?

One prefix per ISP should significantly reduce routing table size.

--Michael Dillon

