[125797] in North American Network Operators' Group
Re: Rate of growth on IPv6 not fast enough?
daemon@ATHENA.MIT.EDU (Jack Bates)
Fri Apr 23 09:20:31 2010
Date: Fri, 23 Apr 2010 08:17:32 -0500
From: Jack Bates <jbates@brightok.net>
To: matthew@matthew.at
In-Reply-To: <4BD12DC0.6080004@matthew.at>
Cc: nanog@nanog.org
Matthew Kaufman wrote:
> But none of this does what NAT does for a big enterprise, which is to
> *hide internal topology*. Yes, addressing the privacy concerns that come
> from using lower-64-bits-derived-from-MAC-address is required, but it is
> also necessary (for some organizations) to make it impossible to tell
> that this host is on the same subnet as that other host, as that would
> expose information like which host you might want to attack in order to
> get access to the financial or medical records, as well as whether or
> not the executive floor is where these interesting website hits came from.
>
Which is why some firewalls already support NAT for IPv6 in some form or
fashion. These same firewalls will also usually have layer 7
proxy/filtering support as well. The concerns and breakage of a
corporate network are extreme compared to non-corporate networks.
Jack
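
An added example, not part of the original thread and not written by either poster: a short audit of what un-NATed IPv6 source addresses reveal to a remote server, covering both points in the quoted paragraph (MAC-derived lower 64 bits and same-subnet grouping). The function names and sample addresses (taken from the 2001:db8::/32 documentation prefix) are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: source addresses as an outside web server would log them.
# All values are made up and sit in the documentation prefix 2001:db8::/32.
SAMPLE_SOURCES = [
    "2001:db8:40:10:21a:2bff:fe3c:4d5e",   # modified EUI-64 interface ID
    "2001:db8:40:10:5c1f:9a02:77e4:1b3d",  # randomized interface ID, same /64
    "2001:db8:40:20:0224:d7ff:fe11:2233",  # modified EUI-64, different /64
]

def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None.

    Heuristic: bytes 3-4 of the interface ID are ff:fe. A random interface
    ID can match by chance, so treat a hit as "likely", not proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    # Undo the universal/local bit flip applied when the ID was built.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def exposure_report(sources):
    """Group addresses by /64 and record what each reveals to a remote peer."""
    report = defaultdict(list)
    for s in sources:
        subnet = ipaddress.ip_network(f"{s}/64", strict=False)
        report[str(subnet)].append((s, eui64_mac(s)))
    return dict(report)

if __name__ == "__main__":
    for subnet, hosts in exposure_report(SAMPLE_SOURCES).items():
        print(subnet, f"({len(hosts)} hosts visible on this subnet)")
        for addr, mac in hosts:
            print("   ", addr, "MAC:", mac or "not derivable")
```

Privacy (randomized) interface IDs remove the MAC from the report, but the /64 grouping remains, which is the topology exposure the quoted paragraph is concerned with.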