On Oct 29, 2010, at 11:20 AM, james woodyatt wrote: > On Oct 29, 2010, at 09:46, Rémi Després wrote: > >> 3. Sec 13 has "it is RECOMMENDED that NAT66 devices include an IPv6 firewall >> function, and the firewall function SHOULD be configured by default to block >> all incoming connections." >> Wouldn't a reference to draft-ietf-v6ops-cpe-simple-security be appropriate? > > I-D.ietf-v6ops-cpe-simple-security is about residential gateways, with > special emphasis on unmanaged configuration. I thought we didn't believe > that was an appropriate scenario for NAT66 usage?
I don't see why not. Note that, as I pointed out the other day, NTT is pushing the work in MIF as a requirement for them to not deploy network prefix translation and is specifically pointing to this draft as their alternative. Their scenario is a mandated multihoming of every Japanese home. Their scenario is common DSL last mile that connects each of the ISPs (including NTT's ISP business) and also a separate video-on-demand network. So every home has at least the national video-on-demand service, which is from a topology/upstream perspective a separate service provider operated by NTT but only provides access to the video content, plus as many ISPs as it wants to contract with. Every home is multihomed, every ISP including the video service implements BCP 38, and if we don't sort out the issues that Arifumi has been wrestling with for however long, they plan to deploy NAT66 to the home. > -- > james woodyatt <[email protected]> > member of technical staff, communications engineering > > > _______________________________________________ > nat66 mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/nat66 _______________________________________________ nat66 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nat66
