[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: stable addressing

To: "Pekka Savola" <pekkas@netcore.fi>
Subject: RE: stable addressing
From: "Fleischman, Eric" <eric.fleischman@boeing.com>
Date: Tue, 20 Apr 2004 09:48:45 -0700
Cc: "Brian E Carpenter" <brc@zurich.ibm.com>, "Iljitsch van Beijnum" <iljitsch@muada.com>, "Multi6 List" <multi6@ops.ietf.org>

>Why don't you just deploy proxy servers at the edge of your network?  
>It allows you to talk to the outside using local addresses, while 
>disguising the internal topology as only the proxy servers' addresses 
>are known?

>Much better than deploying v6 NAT.

Pekka,

Thank you for your helpful posting. The use of proxy servers is a good suggestion, since they can also be part of a larger authenticated firewall solution. However, due to the sheer number of the internal devices that need to be exposed in a highly controlled manner (e.g., hundreds if not low-thousands of devices), proxy servers aren't likely to be able to scale to handle the job -- hence the use of authenticated NATs that are associated with the firewall.

--Eric

Follow-Ups:
- Re: stable addressing
  - From: Tim Chown <tjc@ecs.soton.ac.uk>

Prev by Date: RE: stable addressing
Next by Date: Re: stable addressing
Previous by thread: Re: F1000 requirements?
Next by thread: Re: stable addressing
Index(es):
- Date
- Thread