Date: Tue, 29 Jul 2014 09:54:26 -0700
Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ?
From: Kevin Oberman
To: Mark Martinec
Cc: FreeBSD Current
List-Id: Discussions about the use of FreeBSD-current

On Tue, Jul 29, 2014 at 7:48 AM, Mark Martinec wrote:

> me wrote:
>
>> we are talking about NAT64 (IPv6-only datacenter's path to a legacy
>> world),
>> and NPT66 (prefix translation). I doubt anyone had a traditional NAT in
>> mind.
>
> Kevin Oberman wrote:
>
>> No, all of the messages in the thread are specific about NAT66, not NPT66.
>> NPT66 may have real value. I hate it, but it may well be better than
>> alternatives. [...]
>
> Cy Schubert wrote:
>
>> That I don't disagree with, IPv6 NAT makes no logical sense. Having said
>> that I've received emails asking about NAT66 specifically. It is on
>> people's minds.
>
> My impression is that often the term NAT66 is used indiscriminately,
> even when NPT66 (static prefix translation) is meant.
>
> Mark

I would hope that is not the case. While NAT66 is "well known" and has been a topic of discussion for years, NPT66 is relatively new. It does share many concepts with NAT66 (and, most likely, implementations also share code), but does not require any state, making it vastly less complex, and it no longer breaks point-to-point networking. The names look similar, which may result in unfortunate confusion, but NPT66 may be the best solution to a real problem and it does not create the issues of NAT66.

--
R. Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman@gmail.com
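Added example, not part of the original message and not code from pf or any FreeBSD firewall: a sketch of the stateless prefix translation the thread calls NPT66, following the checksum-neutral mapping of NPTv6 in RFC 6296. It assumes a /48-to-/48 mapping and uses the sample prefixes and address from that RFC's worked example; all function names are hypothetical. Each address is rewritten by a pure function of the configuration, with no per-flow table, so the mapping is reversible in either direction.

```python
import ipaddress

# Sample prefixes from RFC 6296's worked example; /48-to-/48 is assumed.
INTERNAL = "fd01:203:405::/48"
EXTERNAL = "2001:db8:1::/48"

def words(addr):
    """Split an IPv6 address into eight 16-bit words."""
    n = int(ipaddress.IPv6Address(str(addr)))
    return [(n >> (112 - 16 * i)) & 0xFFFF for i in range(8)]

def oc_add(a, b):
    """16-bit one's-complement addition (end-around carry)."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)

def oc_sum(ws):
    """One's-complement sum of a list of 16-bit words."""
    total = 0
    for w in ws:
        total = oc_add(total, w)
    return total

def prefix_sum(prefix):
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 48:
        raise ValueError("this sketch handles /48 prefixes only")
    return oc_sum(words(net.network_address))

# Fixed at configuration time: csum(internal) minus csum(external).
ADJ = oc_add(prefix_sum(INTERNAL), prefix_sum(EXTERNAL) ^ 0xFFFF)

def translate(addr, src, dst, delta):
    """Swap the /48 and fold delta into word 3 (the subnet field)."""
    if ipaddress.IPv6Address(addr) not in ipaddress.IPv6Network(src):
        raise ValueError("address outside configured prefix")
    w = words(addr)
    w[3] = oc_add(w[3], delta)
    if w[3] == 0xFFFF:  # 0xFFFF and 0 both mean zero; normalise to 0
        w[3] = 0
    out = 0
    for x in words(ipaddress.IPv6Network(dst).network_address)[:3] + w[3:]:
        out = (out << 16) | x
    return str(ipaddress.IPv6Address(out))

def to_external(addr):
    return translate(addr, INTERNAL, EXTERNAL, ADJ)

def to_internal(addr):
    return translate(addr, EXTERNAL, INTERNAL, ADJ ^ 0xFFFF)
```

Because the one's-complement sum of the address words is unchanged by the rewrite, TCP and UDP pseudo-header checksums stay valid without touching the transport header.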