James Knott said the following on 09/10/2010 10:09 AM:
[snip]
Whoopee. IPv6 is "broken" in exactly the same way that IPv4 was.
The issue is not RFC1918 addresses or equivalent, as there are many reasons why they might be used.
Good. We're getting somewhere. That's despite the RFC1627 "network 10 considered harmful" ... and RFC1918 is the revised version of RFC1597 to which RFC1627 refers. RFC1918 and the categorisation of needs that it describes, including NAT that it espouses (although not by that name), is still labelled a "Best Current Practice" http://tools.ietf.org/html/bcp5
However, while RFC1918 addresses are often used with NAT, they don't have to be. They are simply addresses that are available for use, without co-ordinating with others.
The converse also applies. I can use a set of IP addresses I have been assigned and NAT those as well :-) In fact I can even be very naughty and use a set of addresses that has been assigned to someone else! Yes, very naughty. However, so long as I don't do business with the group they _are_ assigned to, it gets round your problem of SSH'ing from my hotel to another site that uses RFC1918 addresses since I'm going to be certain there won't be a crash. Yes, very naughty! Ironically I know of quite a few organizations that use NAT'ed subnets on addresses they have been assigned to isolate internal subnets.
The IPv6 unique local addresses serve a similar purpose.
And I'll bet they get NAT'ed too :-)
I have never said RFC1918 or unique local addresses are bad.
Right. Guns don't kill people.
I have said NAT is. Big difference.
Guns don't kill people. It's what people do with guns that kills people. RFC1918 addresses aren't bad, it's what people do with them that you say is bad. And the same can be said about IPv6 ...
RFC1918 does not require NAT, but NAT requires RFC1918, unless you're willing to risk address conflicts.
NAT does not require RFC1918. See above. NAT is an address mapping technology. I can apply it to any addresses. I can apply it to IPv6. Some people are making the argument that IPv6 _should_ have NAT for various reasons, such as "topology hiding".

http://tools.ietf.org/html/draft-iab-ipv6-nat-00

<quote>
The discussions on the necessity for IPv6 NAT can be summarized as follows: network address translation is viewed as a solution to achieve a number of desired properties for individual networks: avoiding renumbering, facilitating multihoming, internal topology hiding, and in particular preventing host counting.
</quote>

You may not want to use those, but others will. In the days before the universality of the IP protocol suite, which I'm sure many people here recall, we had gateways for the "highly optimized" Ethernet LAN protocols from Novell, Microsoft and others, that were not themselves routable. That too was a form of NAT. Yes, it modified the protocol as well, but so does "deep inspection" filtering and sanitizing in modern firewalls and other security appliances. Big Deal.
Even then, you still risk them if using a VPN between NAT sites. With globally assigned addresses, on either IPv4 or IPv6, you don't have that problem, as globally assigned addresses are unique.
Despite the randomization algorithm, it's still going to be possible to have a ULA clash :-) If this was Discworld it would happen 9 times out of 10.

IPv6 not only has a lot to recommend it, but it is going to be necessary to the survival and future of the 'Net. However, slagging NAT and spreading misinformation about it does the proponents of IPv6 no credit.

--
"It is impossible for a man to begin to learn what he thinks he knows".
-- Epictetus
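As an added illustration (not part of the original message or thread), here is a Python sketch of the two address-conflict cases discussed above: overlapping prefixes when two sites are joined by a VPN, and the chance of randomly generated ULA prefixes colliding, following RFC 4193 sections 3.2.2 and 3.2.3. The site address plans, the timestamp and the EUI-64 are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import ipaddress
import math

# Constructed sample address plans for two sites about to be joined by a VPN.
SITE_A = ["192.168.1.0/24", "10.0.0.0/8"]
SITE_B = ["192.168.1.0/24", "172.16.0.0/12"]

# Constructed sample inputs for ULA generation (64-bit NTP timestamp, EUI-64).
SAMPLE_NTP_TIME = 0xD03F1A2B00000000
SAMPLE_EUI64 = bytes.fromhex("021122fffe334455")


def ula_prefix(ntp_time_64: int, eui64: bytes) -> ipaddress.IPv6Network:
    """RFC 4193 section 3.2.2: SHA-1 over time || EUI-64, keep the low 40 bits."""
    digest = hashlib.sha1(ntp_time_64.to_bytes(8, "big") + eui64).digest()
    global_id = int.from_bytes(digest[-5:], "big")   # least significant 40 bits
    prefix = (0xFD << 120) | (global_id << 80)       # fd00::/8, then the Global ID
    return ipaddress.IPv6Network((prefix, 48))


def ula_clash_probability(sites: int) -> float:
    """RFC 4193 section 3.2.3 bound: P = 1 - exp(-N^2 / 2^(L+1)) with L = 40."""
    # expm1 keeps precision when the exponent is tiny.
    return -math.expm1(-(sites ** 2) / 2 ** 41)


def conflicts(site_a, site_b):
    """Return every pair of prefixes that overlap between two address plans."""
    nets_a = [ipaddress.ip_network(p) for p in site_a]
    nets_b = [ipaddress.ip_network(p) for p in site_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b
            if a.version == b.version and a.overlaps(b)]


if __name__ == "__main__":
    print("overlapping prefixes:", conflicts(SITE_A, SITE_B))
    print("generated ULA prefix:", ula_prefix(SAMPLE_NTP_TIME, SAMPLE_EUI64))
    for n in (2, 10, 100, 1000, 10000):
        print(f"{n:>6} interconnected ULA sites: P(clash) = {ula_clash_probability(n):.3g}")
```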