Mailinglist Archive: opensuse (1826 mails)

< Previous Next >
Re: [opensuse] Moving to IPv6
  • From: James Knott <james.knott@xxxxxxxxxx>
  • Date: Fri, 10 Sep 2010 10:09:48 -0400
  • Message-id: <4C8A3C2C.7020404@xxxxxxxxxx>
Anton Aylward wrote:
So, if "Network 10" and NAT is to be 'cosnidered harmfu'l then fc00::/7
and the gateway that maps those non-routable address across the 'Net is
to be 'considered harmful' as well.

In RFC4193
we have
<quote>
- Provides Local IPv6 prefixes that can be used independently of
any provider-based IPv6 unicast address allocations. This is
useful for sites not always connected to the Internet or sites
that wish to have a distinct prefix that can be used to localize
traffic inside of the site.
</quote>

Yes, the wording is different, but that is what "network 10" (and the
other unroutable IPv4 addresses) was achieving. Locally restricted
addressing that necessitated an_explicit_ (i.e. NAT'ing firewall)
gateway (aka choke point where access rules can be applied)

Whoopee. IPv6 is "broken" in exactly the same way that IPv4 was.
The issue is not RFC1918 addresses or equivalent, as there are many reasons why they might be used. However, while RFC1918 addresses are often used with NAT, they don't have to be. They are simply addresses that are available for use, without co-ordinating with others. The IPv6 unique local address serve a similar purpose. I have never said RFC1918 or unique local addresses are bad. I have said NAT is. Big difference. RFC1918 does not require NAT, but NAT requires RFC1918, unless you're willing to to risk address conflicts. Even then, you still risk them if using a VPN between NAT sites. With globally assigned addresses, on either IPv4 or IPv6, you don't have that problem, as globally assigned addresses are unique.




--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
This Thread
Follow Ups