[125807] in North American Network Operators' Group


Re: Rate of growth on IPv6 not fast enough?

daemon@ATHENA.MIT.EDU (Owen DeLong)
Fri Apr 23 10:12:54 2010

From: Owen DeLong <owen@delong.com>
In-Reply-To: <4BD19DEC.1080805@brightok.net>
Date: Fri, 23 Apr 2010 07:04:49 -0700
To: Jack Bates <jbates@brightok.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Apr 23, 2010, at 6:17 AM, Jack Bates wrote:

> Matthew Kaufman wrote:
>> But none of this does what NAT does for a big enterprise, which is to *hide internal topology*. Yes, addressing the privacy concerns that come from using lower-64-bits-derived-from-MAC-address is required, but it is also necessary (for some organizations) to make it impossible to tell that this host is on the same subnet as that other host, as that would expose information like which host you might want to attack in order to get access to the financial or medical records, as well as whether or not the executive floor is where these interesting website hits came from.
>
> Which is why some firewalls already support NAT for IPv6 in some form or fashion. These same firewalls will also usually have layer 7 proxy/filtering support as well. The concerns and breakage of a corporate network are extreme compared to non-corporate networks.
>
>
> Jack

That is sad news, indeed. Hopefully it won't lead to NAT-T becoming a common part of software as the ISVs catch on to IPv6.

Owen


