Noel Chiappa wrote: > ... > security alone demands that we be able to > move some functionality to a "site border router", or some > such. Why does security demand an external border? Is that based on the assumption that the host is too stupid to protect itself? If it is based on having an app listening on a port with the intent of local use, but expecting a border device to protect that app from remote use (or abuse), is that the right deployment model? Is the lack of a clear IPv4 way to identify locality at the root of your claim? Tony