Rate of growth on IPv6 not fast enough?
mohacsi at niif.hu
Thu Apr 22 08:37:19 CDT 2010
On Thu, 22 Apr 2010, William Herrin wrote:
> On Wed, Apr 21, 2010 at 11:31 PM, Owen DeLong <owen at delong.com> wrote:
>> On Apr 21, 2010, at 3:26 PM, Roger Marquis wrote:
>>> William Herrin wrote:
>>>>> Not to take issue with either statement in particular, but I think there
>>>>> needs to be some consideration of what "fail" means.
>>>> Fail means that an inexperienced admin drops a router in place of the
>>>> firewall to work around a priority problem while the senior engineer
>>>> is on vacation. With NAT protecting unroutable addresses, that failure
>>>> mode fails closed.
>>> In addition to fail-closed NAT also means:
>>> * search engines and and connectivity providers cannot (easily)
>>> differentiate and/or monitor your internal hosts, and
> Having worked for comScore, I can tell you that having a fixed address
> in the lower 64 bits would make their jobs oh so much easier. Cookies
> On the other hand, I could swear I've seen a draft where the PC picks
> up random unused addresses in the lower 64 for each new outbound
> connection for anonymity purposes. Even if there is no such draft, it
> wouldn't exactly be hard to implement. It won't take NAT to anonymize
> the PCs on a LAN with IPv6.
See RFC 4941: Privacy Extensions for Stateless Address Autoconfiguration
More information about the NANOG