RE: [arin-announce] IPv4 Address Space (fwd)

["Kuhtz, Christian" <christian.kuhtz () BELLSOUTH COM>]

> In article 
> <cistron.Pine.LNX.4.44.0310291228200.29539-100000 () login1 fas.h
> arvard.edu>,
> Scott McGrath  <mcgrath () fas harvard edu> wrote:
> > And sometimes you use NAT because you really do not want the NAT'ed 
> > device to be globally addressible but it needs to have a link to the 
> > outside to download updates.  Instrument controllers et.al.
>
> I don't understand. What is the difference between a /24 
> internal NATted network, and a /64 internal IPv6 network that 
> is firewalled
> off: only paclets to the outside allowed, and packets 
> destined for the inside need to have a traffic flow 
> associated with it.
>
> As I see it, NAT is just a stateful firewall of sorts. A 
> broken one, so why not use a non-broken solution ?

You forget the effort required to overcome the inherent inertia of
expenditure required to use the non-broken solution...
 
> We can only hope that IPv6 capable CPE devices have that sort 
> of stateful firewalling turned on by default. Or start 
> educating the vendors of these el-cheopo CPE devices so that 
> they will all have that kind of firewalling enabled before 
> IPv6 becomes mainstream.

CPE devices are already available.. POP gear is available. Dedicated access
shouldn't be a problem.  Forget dial, what's the point.. The gear that
worries me is inbetween the PE and the CPE for broadband connections.



*****
"The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential, proprietary, and/or
privileged material.  Any review, retransmission, dissemination or other use
of, or taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited.  If you received
this in error, please contact the sender and delete the material from all
computers.60"