[arin-ppml] IPv6 Non-connected networks

Owen DeLong owen at delong.com
Fri Mar 26 05:49:30 EDT 2010


> 
> Are you assuming consumers will simply open up their firewalls and let
> (your) protocols through without inspection, were NAT out of the way?  I
> just don't see end users giving SRTP or any other protocol a free pass,
> regardless of firewall gear, regardless of NAT.  Also doubt that the
> alternative packet inspecting and/or other ACLs would be simpler than
> NAT.
> 
I'm certainly making no such assumption, but, yes, the other packet inspecting
things are vastly superior to NAT in at least the following ways:

1.	Deterministic, predictable troubleshooting
2.	They don't require heroic measures in the software to work around
	the damage introduced by your stateful inspection. Stateful
	inspection only breaks what it intends to break. NAT breaks all
	kinds of things whether the administrator wants to allow them
	or not.

Owen
