[AusNOG] IPv4 Exhaustion, APNIC EC, and James is a nice bloke ; -)

Robert Brockway robert at timetraveller.org
Thu Jul 31 03:41:14 EST 2008


On Sat, 19 Jul 2008, Steve Baxter wrote:

Kris Price wrote:
>> NAT != security.
>
> Yes, but NAT is far better than everything in your house being globally
> addressable - by anybody !

Well I have rather expected the solution to that is a firewall.  Just 
because the addresses are globally routable doesn't mean you have to allow 
anyone in.  I'm actually surprised this is even being raised given that 
firewalls are already readily available for home use.

NAT was a hack to get around a specific problem. The problem is going to 
go away and NAT should go away with it.

As for IP fridges and the like, the ability to get dynamic firmware 
updates has nothing to do with NAT existing on the network or not.  That 
could be done right now - the fridge is going to be initiating the 
connection, not the manufacturer as they have no way of knowing where the 
fridge is (network-wise) before it calls home.  The fridge can easily open 
a VPN connection home so the manufacturer can push updates over it.  This 
can occur with or without NAT in IPv4 or IPv6.  I expect firmware updates 
on IP connected appliances will be configurable.  This is consistent with 
existing devices.

Rob

-- 
"With sufficient thrust, pigs fly just fine..."
 	-- RFC 1925 "The Twelve Networking Truths"



More information about the AusNOG mailing list