nanog mailing list archives

Re: Requirements for IPv6 Firewalls


From: Eugeniu Patrascu <eugen () imacandi net>
Date: Sat, 19 Apr 2014 11:45:09 +0300

On Sat, Apr 19, 2014 at 2:03 AM, Matthew Kaufman <matthew () matthew at> wrote:

> Ignoring security, A is superior because I can change it to DNAT to the
> new server, or DNAT to the load balancer now that said server needs 10
> replicas, etc.
>
> B requires re-numbering the server or *if* I am lucky enough that it is
> reached by DNS name and I can change that DNS promptly, assigning a new
> address and adding another firewall rule that didn't exist.


What you're describing is how to set up infrastructure to handle rapidly
changing environments in cases where the whole setup was not thought out in
its entirety to account for that.

My point with IPv6 is that we get the chance to clear up all the mess that
happened with IPv4 (or the lack of addresses in IPv4) with NATs and NATs
over even more NAT.

I'm not arguing against NAT completely in IPv6, I'm arguing against
applying IPv4-style thinking to IPv6.

Eugeniu
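To make the two options being debated concrete, here is an added nftables example (not from either poster, and not configuration from any real network) showing option A, an IPv4 DNAT rule that hides the server behind a public address, next to option B, a stateful IPv6 forward policy that permits traffic to the server's own global address. All addresses are constructed from the documentation ranges (203.0.113.0/24, 10.0.0.0/8, 2001:db8::/32) and the interface and port choices are assumptions for illustration.

```nft
# ---- Option A: IPv4 with DNAT on the firewall ----
# The public address 203.0.113.10 never changes; moving the service to a
# new box or a load balancer means editing the "dnat to" target only.
table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # original server
        ip daddr 203.0.113.10 tcp dport 443 dnat to 10.0.0.20:443
        # after migration (replace the line above with this one):
        # ip daddr 203.0.113.10 tcp dport 443 dnat to 10.0.0.30:443
    }
}

table ip filter {
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # matches the post-DNAT destination, so it also needs updating
        # when the internal target changes
        ip daddr 10.0.0.20 tcp dport 443 ct state new accept
    }
}

# ---- Option B: IPv6 with global addresses and no NAT ----
# The server is reached on its own address; the firewall only decides
# which inbound flows are allowed to start.
table ip6 filter {
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ip6 daddr 2001:db8:1::20 tcp dport 443 ct state new accept
        # a replacement server gets a new address, a new DNS record and
        # an additional rule such as:
        # ip6 daddr 2001:db8:1::30 tcp dport 443 ct state new accept
    }
}
```

In both cases the firewall change is a one-line edit; the difference Matthew points to is that in A the public-facing identity (203.0.113.10 in DNS) survives the move, whereas in B the client-visible address changes and DNS must follow. One way to keep the B-side edit out of the rule body is to match on a named set of server addresses and add or remove elements with `nft add element` rather than rewriting the ruleset, but that is an operational convenience, not a change to the argument above.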

