[CentOS] IPV4 is nearly depleted, are you ready for IPV6?

Lamar Owen lowen at pari.edu
Tue Dec 7 15:11:34 UTC 2010


On Tuesday, December 07, 2010 05:29:09 am Adam Tauno Williams wrote:
> On Mon, 2010-12-06 at 18:28 -0500, Bob McConnell wrote: 
> > No, the downside is that each address used will be exposed to the world.

> False.  That is *NOT* a downside.

In your opinion.  Others hold a different opinion.  While security through obscurity doesn't help in many circumstances, there are physical security controls that absolutely depend upon it, and work.  Physical lock and key, for one (the pinning must be kept obscure).  Physical combination locks, for another; they depend upon keeping the gates in the wheels obscure.  For that matter, any security that depends on any 'secret' is in essence a security through obscurity technique.  Port knocking is a security through obscurity technique (which works quite well).

And a NAT66 will be implemented, and people *will* NAT66 their self-assigned ULA addresses (which, unlike PA /48's are portable; the alternative is all end users wanting portability getting PI /48's, and the router ops are getting their selves in a knot thinking about the route table bloat that will cause) to whatever the PA du jour is.  

This *will* happen, and no amount of wishful thinking by transparent-Internet-idealogues is going to change it, since this is and will be the market demand.  Whether you and I like it or not, this is the direction things are going; we might as well get used to it.

You can read the NAT66 draft standard yourself at (one mirror) http://mirror.switch.ch/ftp/mirror/internet-drafts/draft-mrw-nat66-00.txt



More information about the CentOS mailing list