On Tuesday, April 22, 2003, at 06:57 PM, Spencer Dawkins wrote:
Hi, Rob,
I agree with your take from the network side, I'm thinking Terry may be looking at it from the applications side (what's the difference between one perfectly lovely address that fails unpredictably and another perfectly lovely address that also fails unpredictably? and the unknowable firewall topology is probably within a first approximation of the unknowable site topology).
The differences:
- firewalls are a necessary evil for security, whereas site locals are (maybe) not
- firewalls are a simple on/off switch and easy to change, whereas site locals have complex state and are hard to change
Firewalls and NAT / site-locals might seem to be entangled, but it's just a coincidence. They both work best in the same place in the network, so many firewalls also do NAT.
simon
-- www.simonwoodside.com -- 99% Devil, 1% Angel