[CentOS] IPV4 is nearly depleted, are you ready for IPV6?

Mon Dec 6 11:27:17 UTC 2010
David Sommerseth <dazo at users.sourceforge.net>

On 05/12/10 14:21, Tom H wrote:
> On Sun, Dec 5, 2010 at 8:13 AM, RedShift <redshift at pandora.be> wrote:
>> On 12/05/10 12:50, Rudi Ahlers wrote:
>>>
>>> (http://www.internetnews.com/infra/article.php/3915471/IPv4+Nearing+Final+Days.htm),
>>
>> Haven't switched yet, I have IPv6 at home using sixxs.
>>
>> I can't even figure out what address ranges are reserved for private use, is there even such a concept in IPv6?
> 
> I think that site-local ("fec0:: - fef::") is the ipv6
> more-or-less-equivalent of ipv4 private addresses.

Yes, that's correct and it is deprecated.
<http://www.ietf.org/rfc/rfc3879.txt>

With IPv6 there is plenty of addresses for everyone so you basically use
your own assigned official IPv6 address space and setup your own private
/64 net and block that subnet in your firewalls.

Another thing, there is no NAT and it will not be implemented as we know
it in IPv4.  To call NAT a security feature is also a faulty
understanding.  As NAT only prevents access from outside to some
computer inside a network which is NAT'ed.  This restriction and
filtering is the task of the firewall anyway, which does the NAT anyway.

NAT basically just breaks a lot of protocols and enforces complex
firewalls which needs to understand a lot of different protocols to be
able to do things correctly.  Which often do not work as well as it could.


kind regards,

David Sommerseth