ietf
[Top] [All Lists]

Re: The Devil's in the Deployment RE: NATs as firewalls

2007-03-05 13:43:48

    We have IPv6 Locally Assigned Local Addresses.

Doesn't this presume that if people used these locally assigned
addresses they would then NAT to a public address space?

        No.  Locally Assigned Local Addresses are for talking to
        other machines within the locally assigned realm/scope.
 
I think the main thing folks might miss is that a lot of people really
want all of this on a single address--while having multiple addresses
concurrent on a single machine is acceptable for larger machines,
specifically servers, having multiples on a single host as a general
rule hasn't met with much in the way of acceptability for the vast
majority of hosts.

        Most people really don't care what address a machine has.
        They basically only ever use it as a client machine. You
        don't need fixed addresses for these machines.  You just
        need a address that can reach the servers you want to
        talk to.

        You then have the few servers.  For these you decide what
        clients they serve and give them addresses to match.  These
        addresses along with relevent ports for the services they
        are offering make it into firewalls, etc.

        Servers are also clients so they also use the same techiques
        as pure clients when choosing the address they use to initiate
        connections.

At least that's what I'm hearing.

:-)

Russ


- --
riw(_at_)cisco(_dot_)com CCIE <>< Grace Alone

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF7CNVER27sUhU9OQRAqf0AKCZuM30XPZO5SUYkFKpuueq3q/MIQCg/5k1
TeUcUHxrrjd755ovY1cG1/E=
=i0+D
-----END PGP SIGNATURE-----
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews(_at_)isc(_dot_)org

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf