[oarsinsync]

> IPv6 completely sidesteps this by not even needing a state table because no NAT.

You may have forgotten that a stateful firewall that tracks inbound and outbound connections still needs memory to store a state table still applies in IPv6.

Now it also needs 8x more memory per entry, as the addresses have gone from 2x 32bit to 2x 128bit.

[Dagger2]

There's almost certainly more data in each entry than just the IP addresses, so it won't be 8x. NAT also requires a second set of entries to track the NAT session, which further equalizes it.

[gerdesj]

Absolutely. A state is protocol, ports, addresses, timers, counters and more. QoS/DSCP, firewall marks and other things add to the fun.