nanog mailing list archives

Re: Requirements for IPv6 Firewalls

From: Enno Rey <erey () ernw de>
Date: Fri, 18 Apr 2014 09:57:31 +0200

Hi,

On Thu, Apr 17, 2014 at 06:55:24PM +0200, Sander Steffann wrote:

Hi Bill,

Also, I note your draft is entitled "Requirements for IPv6 Enterprise
Firewalls." Frankly, no "enterprise" firewall will be taken seriously
without address-overloaded NAT. I realize that's a controversial
statement in the IPv6 world but until you get past it you're basically
wasting your time on a document which won't be useful to industry.


I disagree. While there certainly will be organisations that want such a 'feature' it is certainly not a requirement 
for every (I hope most, but I might be optimistic) enterprises.


I fully second Sander's input. I've been involved in IPv6 planning in a number of very large enterprises now and _none_ 
of them required/asked for (66/overloading) NAT for their firewall environments. A few think about very specific 
deployments of NPTv6 like stuff for connections to supplier/partner networks (to map those to their own address space) 
but these are corner cases not even relevant for their "firewalls".

best

Enno


Cheers,
Sander


-- 
Enno Rey

ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902 

Handelsregister Mannheim: HRB 337135
Geschaeftsfuehrer: Enno Rey

=======================================================
Blog: www.insinuator.net || Conference: www.troopers.de
Twitter: @Enno_Insinuator
=======================================================

Current thread:

Re: Thank you Comcast, (continued)
- - - Re: Thank you Comcast Doug Barton (Apr 17)
    - Re: Requirements for IPv6 Firewalls Brandon Ross (Apr 17)
    - Re: Requirements for IPv6 Firewalls Matthew Kaufman (Apr 17)
    - Re: Requirements for IPv6 Firewalls Matt Palmer (Apr 18)
    - Re: Requirements for IPv6 Firewalls Seth Mos (Apr 18)
    - Re: Requirements for IPv6 Firewalls Enno Rey (Apr 18)
    - Re: Requirements for IPv6 Firewalls Nick Hilliard (Apr 18)
    - Re: Requirements for IPv6 Firewalls Lee Howard (Apr 18)
    - Re: Requirements for IPv6 Firewalls Fernando Gont (Apr 21)
    - Re: Requirements for IPv6 Firewalls Brandon Ross (Apr 21)
    - Re: Requirements for IPv6 Firewalls Enno Rey (Apr 18)
    - Re: Requirements for IPv6 Firewalls Doug Barton (Apr 18)
    - Re: Requirements for IPv6 Firewalls Enno Rey (Apr 18)
    - Re: Requirements for IPv6 Firewalls Doug Barton (Apr 19)
  - Re: Requirements for IPv6 Firewalls Lee Howard (Apr 18)
    - Re: Requirements for IPv6 Firewalls William Herrin (Apr 18)
- Re: Requirements for IPv6 Firewalls Glen Turner (Apr 18)