[arin-ppml] inevitability of NAT?
Frank Bulk
frnkblk at iname.com
Tue Feb 8 21:43:08 EST 2011
Mark:
The hardware came before the implementation of IPv6 support. They tried to
fit in existing hardware, but it didn't work. Future hardware revisions of
some models will include expanded storage, allowing for SPI support.
I suspect that most consumer/SOHO router vendors are in the same predicament
at D-Link.
We can complain about the past, but that won't change anything. Better to
make current and future purchasing decisions about what's out there -- I am.
Frank
-----Original Message-----
From: Mark Andrews [mailto:marka at isc.org]
Sent: Tuesday, February 08, 2011 7:31 PM
To: frnkblk at iname.com
Cc: 'Ted Mittelstaedt'; arin-ppml at arin.net
Subject: Re: [arin-ppml] inevitability of NAT?
In message <014d01cbc7cc$226f81e0$674e85a0$@iname.com>, "Frank Bulk" writes:
> Due to device (storage) limitations D-Link wasn't able to put a firewall
in
> many of its IPv-6 capable releases for its different hardware models, but
> DIR-655 is supposed to support SPI.
>
> Frank
Also IPv6 equipment should be capable of being put on the net without
a seperate firewall. If it isn't then the product really isn't fit
for the purpose it was designed for. Its been a hostile net for
the entire time IPv6 has existed and that should have been factored
into the design. A seperate firewall provides additional isolation
but shouldn't be needed.
Giving a device a ULA and not a public address if it doesn't need to
talk to the world will give you as much protection as a NAT gives.
Feature parity should also be there. I've got a Brother network
printer that has accept/deny filters for IPv4 but not for IPv6. I
don't know what they were thinking. IPv6 doesn't need accept/deny
filters but IPv6 does? It would have been less than a days work
to add them as they already have them working for IPv4. A bit more
for testing and documentation. At least I can set the IPv6 address
statically to a ULA.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the ARIN-PPML
mailing list