[CentOS] IPV4 is nearly depleted, are you ready for IPV6?

David Sommerseth dazo at users.sourceforge.net
Mon Dec 6 11:27:17 UTC 2010


On 05/12/10 14:21, Tom H wrote:
> On Sun, Dec 5, 2010 at 8:13 AM, RedShift <redshift at pandora.be> wrote:
>> On 12/05/10 12:50, Rudi Ahlers wrote:
>>>
>>> (http://www.internetnews.com/infra/article.php/3915471/IPv4+Nearing+Final+Days.htm),
>>
>> Haven't switched yet, I have IPv6 at home using sixxs.
>>
>> I can't even figure out what address ranges are reserved for private use, is there even such a concept in IPv6?
> 
> I think that site-local ("fec0:: - fef::") is the ipv6
> more-or-less-equivalent of ipv4 private addresses.

Yes, that's correct and it is deprecated.
<http://www.ietf.org/rfc/rfc3879.txt>

With IPv6 there is plenty of addresses for everyone so you basically use
your own assigned official IPv6 address space and setup your own private
/64 net and block that subnet in your firewalls.

Another thing, there is no NAT and it will not be implemented as we know
it in IPv4.  To call NAT a security feature is also a faulty
understanding.  As NAT only prevents access from outside to some
computer inside a network which is NAT'ed.  This restriction and
filtering is the task of the firewall anyway, which does the NAT anyway.

NAT basically just breaks a lot of protocols and enforces complex
firewalls which needs to understand a lot of different protocols to be
able to do things correctly.  Which often do not work as well as it could.


kind regards,

David Sommerseth




More information about the CentOS mailing list