On Mon, Feb 19, 2024 at 9:00 AM Hunter Fuller <hf0002+nanog@uah.edu> wrote:
> I guess the point I'm making is, the methods we are using today for v6 dual WAN, work fine for most people.

Hi Hunter,

I accept that point. It's wobbly on some of the details, but you're talking "most" people, not everyone.

> There isn't really an advantage to using v4 NAT.

I disagree with that one. Limiting discussion to the original security context (rather than the wider world of how useful IPv6 is without IPv4), IPv6 is typically delivered to "most people" without border security, while IPv4 is delivered with a stateful NAT firewall. If ISPs got diligent about providing an IPv6 firewall to customers even though they don't need to do so for the customer to use more than one computer, there'd still be a security difference between internal hosts that are externally addressable (a stateful firewall without NAT) and internal hosts which are not.

Security doesn't deal with "most people," it deals with people savvy enough to find and exploit the openings and errors in the software most people use.

Regards,
Bill Herrin

--
William Herrin
bill@herrin.us
https://bill.herrin.us/