On Mon, 19 Apr 2010, Edward Ned Harvey wrote:

>> From: discuss-boun...@lopsa.org [mailto:discuss-boun...@lopsa.org] On
>> Behalf Of da...@lang.hm
>>
>> NAT is also useful to hide internal details of a network when you don't
>> want them exposed.
>
> Actually, I agree, this is a very valid use case for NAT with IPv6.
>
> By comparison to IPv4: you've only got a few external IP addresses, so
> you've got to map many internal addresses to a single external.  Hence any
> inbound traffic is destined for an unknown internal machine, and hence p2p
> is essentially impossible.
>
> With IPv6 if you wish, you can NAT every internal IP address to its own
> unique external address.  I understand mathematically speaking that might
> not be true (you could have 64 million internal IPs and only 64 thousand
> external ones) but practically speaking it is true.

What's the advantage of using NAT to map every internal address to its
own external address? Why not use those external addresses directly? You
have added an extra layer of complexity and I don't see the benefit.

>> the road, so it's already hardened), but when you start to expose your
>> printer, tv, game console..... do you really trust that all of those
>> vendors have hardened their machines to be reasonably safe if exposed
>> directly to the Internet?
>
> At present, the printer and toaster are safe from the Internet because they
> are not reachable from the internet.  There's not a lot of reason for the
> toaster to support IPv6, but even if it does, there's nothing forcing it to
> take an internet routable IPv6 address.  It can function perfectly well
> using a link-local address only.  Which is analogous to the way it presently
> works, just using more address bits.

Ahh, but with the way IPv6 is 'supposed' to work, those link-level
addresses are supposed to be routable (and there's no reason to not have
them be routable from an addressing point of view).

If these devices do not support IPv6 then they won't work on the future
IPv6-only networks that the 'experts' keep telling us are coming soon.

> If it did support IPv6, the use case is pretty ... uncommon ... but still
> nice to know you could if you want to.  If you wanted to, check your ink
> levels from your mobile device while you're at Staples looking at a good
> deal on ink.  Or whatever.
>
> Who am I kidding!  There will never be a good deal on ink at Staples!  ;-)

Sure, and it will let the spammers bypass your e-mail and just scan the
net for printers and print the spam directly, how convenient.

David Lang