RE: stable addressing

["Bound, Jim" <jim.bound@hp.com>]

also there are three firewalls we are testing now on moonv6
www.moonv6.org and the DOD is testing it too.  Checkpoint, Netscreen,
and Cisco IOS firewall.  We have also tested E2E IPsec native IPv6
across the U.S. peerings and it works.  So products are appearing now.
IPv6 permits you to have E2E trust models or filters ones choice.  And I
speak with many Fortune 100 people and many of them want NAT gone and
prefer firewalls with global addresses which are optimized for
performance and implementation.  We will be soon adding to those tests
nets in China and Korea. 

My last mail on this as I don't get what this topic adds to the
multihome problem?  At least for me?

Regards,
/jim 

> -----Original Message-----
> From: owner-multi6@ops.ietf.org 
> [mailto:owner-multi6@ops.ietf.org] On Behalf Of Fleischman, Eric
> Sent: Tuesday, April 20, 2004 12:49 PM
> To: Pekka Savola
> Cc: Brian E Carpenter; Iljitsch van Beijnum; Multi6 List
> Subject: RE: stable addressing
> 
> >Why don't you just deploy proxy servers at the edge of your 
> network?  
> >It allows you to talk to the outside using local addresses, while 
> >disguising the internal topology as only the proxy servers' 
> addresses 
> >are known?
> 
> >Much better than deploying v6 NAT.
> 
> Pekka,
> 
> Thank you for your helpful posting. The use of proxy servers 
> is a good suggestion, since they can also be part of a larger 
> authenticated firewall solution. However, due to the sheer 
> number of the internal devices that need to be exposed in a 
> highly controlled manner (e.g., hundreds if not low-thousands 
> of devices), proxy servers aren't likely to be able to scale 
> to handle the job -- hence the use of authenticated NATs that 
> are associated with the firewall.
> 
> --Eric
> 
> 
> 
>