>>>>> "Imran" == Imran Patel <ipatel@xxxxxxxxxxxxxx> writes:
Imran> IPv6 ;-) IPv6 connection tracking is useful for NAT-PT. However,
Imran> other options on top of IPv6 conntrack like masquerading, v6-v6
Imran> NAT, etc look useless and silly.
connection tracking is useful for:
- stateful packet inspection
- IPsec
- queuing/scheduling decisions
The ability to make a decision for a microflow once and then remember it
efficiently for that microflow is very useful. NAT/NAPT is just one situation
where it is required.
One hopes that IPv6 NAT will never be needed.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@xxxxxxxxxxxxxxxxxxxxxx http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
|