Rate of growth on IPv6 not fast enough?

Jack Bates jbates at brightok.net
Fri Apr 23 13:17:32 UTC 2010


Matthew Kaufman wrote:
> But none of this does what NAT does for a big enterprise, which is to 
> *hide internal topology*. Yes, addressing the privacy concerns that come 
> from using lower-64-bits-derived-from-MAC-address is required, but it is 
> also necessary (for some organizations) to make it impossible to tell 
> that this host is on the same subnet as that other host, as that would 
> expose information like which host you might want to attack in order to 
> get access to the financial or medical records, as well as whether or 
> not the executive floor is where these interesting website hits came from.
> 

Which is why some firewalls already support NAT for IPv6 in some form or 
fashion. These same firewalls will also usually have layer 7 
proxy/filtering support as well. The concerns and breakage of a 
corporate network are extreme compared to non-corporate networks.


Jack




More information about the NANOG mailing list