[Info-vax] implementing IPv6 on the internet

[Scott Dorsey]

In article <nrtta6$rm4$1 at gioia.aioe.org>, Chris  <syseng at gfsys.co.uk> wrote:
>
>Just another opinion and whatever it was originally designed for,
>it's turned out to be quite a sound and cost effective solution
>to the problem.

But, it's really not.  It just hides the problem, and it opens up a whole other
set of troubles.

>With IPV6, just what is meant by "firewalling for real" ?...

Your firewall has a list of internal device that can talk to the outside and
a list of internal devices that cannot.  It denies traffic from the ones that
cannot.  This is what large IPv4 sites have done for decades, and allows ready
reconfiguration.  It allows multiple devices inside the firewall to be seen
outside, if that's what you want, which you can't do when you're hiding behind
a single NAT address.

It's all clean and straight and there is a 1:1 mapping between systems, and
everybody is effectively equal in terms of how their system appears to others
(even if not in performance).  It's just like the internet used to be, before
it got crowded.
--scott

-- 
"C'est un Nagra. C'est suisse, et tres, tres precis."