Rate of growth on IPv6 not fast enough?
Jack Bates
jbates at brightok.net
Fri Apr 23 13:17:32 UTC 2010
Matthew Kaufman wrote:
> But none of this does what NAT does for a big enterprise, which is to
> *hide internal topology*. Yes, addressing the privacy concerns that come
> from using lower-64-bits-derived-from-MAC-address is required, but it is
> also necessary (for some organizations) to make it impossible to tell
> that this host is on the same subnet as that other host, as that would
> expose information like which host you might want to attack in order to
> get access to the financial or medical records, as well as whether or
> not the executive floor is where these interesting website hits came from.
>
Which is why some firewalls already support NAT for IPv6 in some form or
fashion. These same firewalls will also usually have layer 7
proxy/filtering support as well. The concerns and breakage of a
corporate network are extreme compared to non-corporate networks.
Jack
More information about the NANOG
mailing list