Rate of growth on IPv6 not fast enough?

Mohacsi Janos mohacsi at niif.hu
Thu Apr 22 08:37:19 CDT 2010



On Thu, 22 Apr 2010, William Herrin wrote:

> On Wed, Apr 21, 2010 at 11:31 PM, Owen DeLong <owen at delong.com> wrote:
>> On Apr 21, 2010, at 3:26 PM, Roger Marquis wrote:
>>> William Herrin wrote:
>>>>> Not to take issue with either statement in particular, but I think there
>>>>> needs to be some consideration of what "fail" means.
>>>>
>>>> Fail means that an inexperienced admin drops a router in place of the
>>>> firewall to work around a priority problem while the senior engineer
>>>> is on vacation. With NAT protecting unroutable addresses, that failure
>>>> mode fails closed.
>>>
>>> In addition to fail-closed NAT also means:
>>>
>>>  * search engines and and connectivity providers cannot (easily)
>>>  differentiate and/or monitor your internal hosts, and
>>>
>> Right, because nobody has figured out Javascript and Cookies.
>
> Having worked for comScore, I can tell you that having a fixed address
> in the lower 64 bits would make their jobs oh so much easier. Cookies
> and javascript are of very limited utility.
>
> On the other hand, I could swear I've seen a draft where the PC picks
> up random unused addresses in the lower 64 for each new outbound
> connection for anonymity purposes. Even if there is no such draft, it
> wouldn't exactly be hard to implement. It won't take NAT to anonymize
> the PCs on a LAN with IPv6.


See RFC 4941: Privacy Extensions for Stateless Address Autoconfiguration 
in IPv6.

Regards,
 	Janos Mohacsi



More information about the NANOG mailing list