[arin-ppml] IPv6 Non-connected networks
Roger Marquis
marquis at roble.com
Fri Mar 26 13:29:24 EDT 2010
On Fri, 26 Mar 2010, Owen DeLong wrote:
>> Are you assuming consumers will simply open up their firewalls and let
>> (your) protocols through without inspection, were NAT out of the way? I
>> just don't see end users giving SRTP or any other protocol a free pass,
>> regardless of firewall gear, regardless of NAT. Also doubt that the
>> alternative packet inspecting and/or other ACLs would be simpler than
>> NAT.
>>
> I'm certainly making no such assumption, but, yes, the other packet inspecting
> things are vastly superior to NAT in at least the following ways:
>
> 1. Deterministic, predictable troubleshooting
> 2. They don't require heroic measures in the software to work around
> the damage introduced by your stateful inspection. Stateful
> inspection only breaks what it intends to break. NAT breaks all
> kinds of things whether the administrator wants to allow them
> or not.
Your assertions are vague and general, Owen, and not in agreement with my
experience. Exactly what step of RTP/SRTP stateful inspection is easier
without NAT?
Roger Marquis