On Mar 30, 2009, at 11:51 PM, Keith Moore wrote:
> Tom Pusateri wrote:
>> So once you limit NAT for IPv6 to a 1:1 mapping (i.e. you no longer
>> share an address), then it seems like there isn't a big advantage over
>> an application gateway.
>
> wtf? application gateways have to be written for each protocol, whereas
> NATs do not (at least for those protocols that don't do referrals).
> that makes for a huge deployment mess. it also breaks apps when the end
> points upgrade their protocols and the ALGs don't keep track.
>
> Keith
>
> (now if we're going to have NATs at all, I'm a big fan of having a
> standard signaling/control protocol that should work for all NATs. but
> that's not the same as an application gateway)

You miss the point. If someone wants to build a big box that controls
traffic and sneakily fabricates headers, they can build a big box that
does it upfront and follows the end to end model without altering the
packets. It doesn't have to be exactly what people are calling
application gateways today.
A NAT firewall box that filters everything but the few applications
that they want to allow through smells a lot like multiple application
gateways. Especially when they throw deep packet inspection into the mix.
Thanks,
Tom
_______________________________________________
nat66 mailing list
https://www.ietf.org/mailman/listinfo/nat66