[arin-ppml] IPv6 Non-connected networks
Owen DeLong
owen at delong.com
Fri Mar 26 05:49:30 EDT 2010
>
> Are you assuming consumers will simply open up their firewalls and let
> (your) protocols through without inspection, were NAT out of the way? I
> just don't see end users giving SRTP or any other protocol a free pass,
> regardless of firewall gear, regardless of NAT. Also doubt that the
> alternative packet inspecting and/or other ACLs would be simpler than
> NAT.
>
I'm certainly making no such assumption, but, yes, the other packet inspecting
things are vastly superior to NAT in at least the following ways:
1. Deterministic, predictable troubleshooting
2. They don't require heroic measures in the software to work around
the damage introduced by your stateful inspection. Stateful
inspection only breaks what it intends to break. NAT breaks all
kinds of things whether the administrator wants to allow them
or not.
Owen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20100326/5b6ad37c/attachment.htm>
More information about the ARIN-PPML
mailing list