On Mon, 2010-12-06 at 17:15 -0500, Bob McConnell wrote:
> > So, spending one or two or 100s of /64 subnets with public IPv6 addresses which are completely blocked in a firewall will serve exactly the same purpose as a site-local subnet. But this /64 net may get access to the Internet *if* allowed by the firewall. This is not possible with site-local at all. And of course, this is without NAT in addition. I hope this made it a little bit clearer.
>
> Clear as mud. If I understand you correctly, I have to say that IPv6 is broken by design.

It isn't.

> I have a double handful of computers on my home network. Each of them needs access to the Internet to get updates to the OS and various applications. However, I do *NOT* want each and every one of them to show up as a unique address outside of my network.

Why? Things will only work better. NAT is not some magic sauce; it is a *HACK*.

> With IP4 and m0n0wall running as the NAT, they are all translated to the single IP address that Roadrunner assigned to my Firewall. I need to continue that mapping.

Why? There is no reason. You are wrong, you do *NOT* need to "continue that mapping". That mapping is pointless.

> If IPv6 cannot do that, then I hope Time-Warner continues to ignore it and stays with their current address structure.
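
The arrangement described in the first quoted paragraph (a public /64 that the firewall blocks by default and selectively lets out, with no NAT), as an added example that is not from the thread and not m0n0wall configuration: an nftables forward chain for a Linux router. The interface names `lan0` and `wan0` and the documentation prefix `2001:db8:0:1::/64` are assumptions.

```nftables
# Added example: stateful IPv6 filtering on a router, no address translation.
# Assumed names: lan0 = inside interface, wan0 = ISP-facing interface.
# 2001:db8:0:1::/64 is a documentation prefix standing in for the LAN subnet.

table ip6 lan_filter {
    chain forward {
        # Anything not explicitly accepted below is dropped, so the
        # public /64 is unreachable from the Internet by default.
        type filter hook forward priority 0; policy drop;

        # Replies to connections the LAN opened, plus ICMPv6 errors
        # (for example packet-too-big) tied to those connections.
        ct state established,related accept

        # Packets that match no tracked connection state.
        ct state invalid drop

        # The "*if* allowed by the firewall" part: LAN hosts may open
        # connections outward. Remove this rule and the /64 is as
        # isolated as a site-local subnet would be.
        iifname "lan0" oifname "wan0" ip6 saddr 2001:db8:0:1::/64 accept

        # Unsolicited traffic arriving on wan0 for the /64 matches
        # nothing above and falls through to the drop policy; log it
        # at a limited rate so probes are visible.
        iifname "wan0" ip6 daddr 2001:db8:0:1::/64 limit rate 5/minute log prefix "v6-in-drop: "
    }
}
```

Loading the file with `nft -c -f <file>` checks the syntax without applying it. The rules control reachability only; each host's own address still appears as the source of its outbound traffic.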