Mailinglist Archive: opensuse (1826 mails)

Re: [opensuse] Moving to IPv6
  • From: Anton Aylward <anton.aylward@xxxxxxxxxx>
  • Date: Fri, 10 Sep 2010 13:19:03 -0400
  • Message-id: <4C8A6887.6040802@xxxxxxxxxx>
James Knott said the following on 09/10/2010 10:09 AM:
[snip]



Whoopee. IPv6 is "broken" in exactly the same way that IPv4 was.

The issue is not RFC1918 addresses or equivalent, as there are many
reasons why they might be used.

Good. We're getting somewhere.
That's despite the
RFC1627 "network 10 considered harmful" ... and RFC1918 is the revised
version of RFC1597 to which RFC1627 refers. RFC1918 and the
categorisation of needs that it describes, including NAT that it
espouses (although not by that name) is still labelled a "Best Current
Practice" http://tools.ietf.org/html/bcp5


However, while RFC1918 addresses are
often used with NAT, they don't have to be. They are simply addresses
that are available for use, without co-ordinating with others.

The converse also applies. I can use a set of IP addresses I have been
assigned and NAT those as well :-)

In fact I can even be very naughty and use a set of addresses that has
been assigned to someone else! Yes, very naughty. However so long as I
don't do business with the group they _are_ assigned to, it gets round
your problem of SSH'ing from my hotel to another site that uses RFC1918
addresses since I'm going to be certain there won't be a crash.

Yes, very naughty!

Ironically I know of quite a few organizations that use NAT'ed subnets
on addresses they have been assigned to isolate internal subnets.


The IPv6
unique local addresses serve a similar purpose.

And I'll bet they get NAT'ed too :-)


I have never said RFC1918
or unique local addresses are bad.

Right.
Guns don't kill people.

I have said NAT is. Big difference.

Guns don't kill people. It's what people do with guns that kills people.
RFC1918 addresses aren't bad, it's what people do with them that you say
is bad.

And the same can be said about IPv6 ...


RFC1918 does not require NAT, but NAT requires RFC1918,
unless you're willing to risk address conflicts.

NAT does not require RFC1918. See above.
NAT is an address mapping technology. I can apply it to any addresses.
I can apply it to IPv6. Some people are making the argument that IPv6
_should_ have NAT for various reasons, such as "topology hiding".
http://tools.ietf.org/html/draft-iab-ipv6-nat-00

<quote>
The discussions on the necessity for IPv6 NAT can be summarized as
follows: network address translation is viewed as a solution to
achieve a number of desired properties for individual networks:
avoiding renumbering, facilitating multihoming, internal topology
hiding, and in particular preventing host counting.
</quote>

You may not want to use those, but others will.

In the days before the universality of the IP protocol suite, which I'm
sure many people here recall, we had gateways for the "highly optimized"
Ethernet LAN protocols from Novell, Microsoft and others, that were not
themselves routable.

That too was a form of NAT.

Yes, it modified the protocol as well, but so does "deep inspection"
filtering and sanitizing in modern firewalls and other security appliances.

Big Deal.

Even then, you
still risk them if using a VPN between NAT sites. With globally
assigned addresses, on either IPv4 or IPv6, you don't have that problem,
as globally assigned addresses are unique.

Despite the randomization algorithm, it's still going to be possible to
have a ULA clash :-) If this was Discworld it would happen 9 times out
of 10.


IPv6 not only has a lot to recommend it, but it is going to be necessary
to the survival and future of the 'Net. However slagging NAT and
spreading misinformation about it does the proponents of IPv6 no credit.

--
"It is impossible for a man to begin to learn what he thinks he knows".
-- Epictetus