In article
<cistron.Pine.LNX.4.44.0310291228200.29539-100000@login1.fas.h
arvard.edu>,
>And sometimes you use NAT because you really do not want the NAT'ed
>device to be globally addressible but it needs to have a link to the
>outside to download updates. Instrument controllers et.al.I don't understand. What is the difference between a /24
internal NATted network, and a /64 internal IPv6 network that
is firewalled
off: only paclets to the outside allowed, and packets
destined for the inside need to have a traffic flow
associated with it.As I see it, NAT is just a stateful firewall of sorts. A
broken one, so why not use a non-broken solution ?
You forget the effort required to overcome the inherent inertia of
expenditure required to use the non-broken solution...
We can only hope that IPv6 capable CPE devices have that sort
of stateful firewalling turned on by default. Or start
educating the vendors of these el-cheopo CPE devices so that
they will all have that kind of firewalling enabled before
IPv6 becomes mainstream.
CPE devices are already available.. POP gear is available. Dedicated access
shouldn't be a problem. Forget dial, what's the point.. The gear that
worries me is inbetween the PE and the CPE for broadband connections.