If you are running an HA pair, why would you care which box it went back through?
-Grant

On Monday, July 16, 2012, Mark Andrews wrote:

>
> In message <CAD8GWsswFwnPKTfxt=squumzofs3_-yrihy8o4gt3w9+x6f...@mail.gmail.com>, Lee writes:
> > On 7/16/12, Owen DeLong <o...@delong.com> wrote:
> > >
> > > Why would you want NAT66? ICK!!! One of the best benefits of IPv6 is being
> > > able to eliminate NAT. NAT was a necessary evil for IPv4 address
> > > conservation. It has no good use in IPv6.
> >
> > NAT is good for getting the return traffic to the right firewall. How
> > else do you deal with multiple firewalls & asymmetric routing?
>
> Traffic goes where the routing protocols direct it. NAT doesn't
> help this and may actually hinder as the source address cannot be
> used internally to direct traffic to the correct egress point.
>
> Instead you need internal routers that have to try to track traffic
> flows rather than making simple decisions based on source and
> destination addresses.
>
> Applications that use multiple connections may not always end up
> with consistent external source addresses.
>
> > Yes, it's possible to get traffic back to the right place without NAT.
> > But is it as easy as just NATing the outbound traffic at the
> > firewall?
>
> It can be and it can be easier to debug without NAT mangling
> addresses.
>
> The only thing helpful NAT66 does is delay the externally visible
> source address selection until the packet passes the NAT66 box.
>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org