ietf
[Top] [All Lists]

RE: Why IPv6 is a must?

2001-11-28 13:30:04
Charles Adams wrote:
If there is a means for all hosts to have addresses that are
reachable from
all other hosts (barring that a security policy is in place),
will companies
renumber their internal networks to coincide with this
addressing scheme?

If we (the Internet community) used private addresses and NAT
for all hosts
that do not want/need/require access from the Internet, would
the addressing
problem be as much of a problem as it appears to be?  If we
are as generous
with the IPv6 addresses, how soon before we have the same
address problem?


If you want a set of hosts to be only reachable internally, then set the
policy to use site local addresses. For the set of nodes that need both
internal addresses and external addresses, you don't need NAT like you
do for IPv4, because each IPv6 host will have both a site-local & a
global address to use. This will use exactly the same amount of address
space as a static-mapped non-port-sharing IPv4 NAT, and has exactly the
same security implications. The difference is that with IPv6, the end
host knows its real address, and can take advantage of that knowledge
for protocols that need it (IPsec, H.323, FTP, etc). THe only way the
IPv4/NAT scenario limits address usage is when ports are shared, which
limits which devices get a given port and when.

Tony



<Prev in Thread] Current Thread [Next in Thread>