On Dec 6, 2010, at 5:27 AM, David Sommerseth wrote:

> On 05/12/10 14:21, Tom H wrote:
>> On Sun, Dec 5, 2010 at 8:13 AM, RedShift <redshift at pandora.be> wrote:
>>> On 12/05/10 12:50, Rudi Ahlers wrote:
>>>>
>>>> (http://www.internetnews.com/infra/article.php/3915471/IPv4+Nearing+Final+Days.htm),
>>>
>>> Haven't switched yet, I have IPv6 at home using sixxs.
>>>
>>> I can't even figure out what address ranges are reserved for private use, is there even such a concept in IPv6?
>>
>> I think that site-local ("fec0:: - fef::") is the ipv6
>> more-or-less-equivalent of ipv4 private addresses.
>
> Yes, that's correct and it is deprecated.
> <http://www.ietf.org/rfc/rfc3879.txt>
>
> With IPv6 there is plenty of addresses for everyone so you basically use
> your own assigned official IPv6 address space and setup your own private
> /64 net and block that subnet in your firewalls.
>
> Another thing, there is no NAT and it will not be implemented as we know
> it in IPv4. To call NAT a security feature is also a faulty
> understanding. As NAT only prevents access from outside to some
> computer inside a network which is NAT'ed. This restriction and
> filtering is the task of the firewall anyway, which does the NAT anyway.
>
> NAT basically just breaks a lot of protocols and enforces complex
> firewalls which needs to understand a lot of different protocols to be
> able to do things correctly. Which often do not work as well as it could.
>

I've heard this before but it's always confused me. Admittedly I haven't had a chance to look at the spec. If we're saying that everyone's going to have the same private subnet, then we're saying that all the private subnets are going to have to be NAT-ed, aren't they?