Mark Newton wrote:
On a commodity consumer CPE device, the ALG code doubles as a
stateful inspection engine.
So it _is_ required when address translations are not being performed.
Hmmmm, the code may be there, but I suspect that not all of it will
apply to v6 and be used.
Is security something that gets thought about now, or post-deployment?
I suspect that depends on who you ask. Security is always the top of my
list. That being said, what security is there in removing NAT from v4
because it broke what the customer wanted to do? Then they are back to
their host based stateful firewall; which apparently everyone believes
is not good enough. Might as well throw in v6 and trash the NAT.
Jack
