Re: IPv4 flag day

[Marco Moock via NANOG <nanog () lists nanog org>]

Am 19.06.26 um 21:04 schrieb William Herrin via NANOG:
> Enterprise, on the other hand, is definitely going NAT. Renumbering is
> painful even with IPv6. And they're very leery of 1:1 NAT -- they've
> made security configuration mistakes before and trust 1:many NAT to
> offer a layer of protection while those mistakes are detected and
> fixed. They take arguments against NAT to mean that IPv6 is not yet
> ripe for deployment with the sort of robust security frameworks they
> enjoy in IPv4.

Then they should go to training regarding IPv6 SPI firewalls.
Every residential customer CPE has it, so they can use it too. The 
devices that support IPv4 NAT will most likely also support SPI-FW for 
IPv6. At least Cisco does.

--
Gruß
Marco

Junk-Mail bitte an trashcan () stinkedores dorfdsl de
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/VDIOVGB4FOBWIBAKK3D5VL4L7LL54DML/