[AusNOG] IPv4 Exhaustion date changed to December.

Dobbins, Roland rdobbins at arbor.net
Tue Jun 22 16:18:33 EST 2010


On Jun 22, 2010, at 6:37 AM, Mark Andrews wrote:

>  NAT vs encapsulation is about equal cost in the CPE device.

Yes - they both maintain an undesirable and extremely dangerous amount of state, making the devices and the networks/notes/users behind them considerably more vulnerable to either deliberate or inadvertent DDoS, due to state-table exhaustion.

NAT and encapsulation are both evil things from the standpoint of opsec, not to mention complexity/troubleshooting, et. al.  Unfortunately, we're going to see more and more of them deployed, and without any attempt to harden/protect them against attack.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken






More information about the AusNOG mailing list