On 12/07/2010 05:13 AM, David Sommerseth wrote: > On 07/12/10 02:26, Les Mikesell wrote: > >> On 12/6/10 6:27 PM, Brian Mathis wrote: >> >>> You are enjoying a side-effect of NAT by thinking it >>> is a firewall. >>> >> The other nice side-effect of NAT is that you get an effectively infinite number >> of addresses behind it without any pre-arrangement with anyone else. Even if >> ISPs hand out what they expect to reasonably-sized blocks, won't it be much >> harder to deal with when you outgrow your allotment? We've had the opportunity >> to move to ipv6 for ages but we haven't (in the US, anyway). I think the reason >> is that most people like the way NAT works and don't really want a public >> address on every device. >> > So you are afraid of out-growing from an assigned /48 net? Let's do > some math here ... and I hope I get it right ... > > IPv4: aa:bb:cc:dd .... that's 32 bit > IPv6: aaaa:aaaa:aaaa:: .... this is 48 bits out of 128bits > > In the IPv6 scenario, you have been assigned 'aaaa:aaaa:aaaa::' as your > IPv6 prefix by your ISP. > > So that means that you have 128-48 bits available for your own > addressing scheme. That is 80 bits you have absolutely full control > over. Of course, it's recommended to have subnets no smaller than 64 > bits. So that makes it: > > IPv6 /64 subnets: aaaa:aaaa:aaaa:bbbb:: > > That means you have 16 bits for subnets. 2^16 = 65536 subnets, each > with 64bit addressing. And if my math doesn't fail me now, a 64 bit > addressing scheme is doubling the IPv4 address scope 32 times. > > What I mean is that from 32 bit to 33 bit, you have 2 * 32 bit > addressing scope. from 32 to 34, you have you have 4 * 32 bit > addressing scope. For each bit you add, you double what you had. > > It is simply insanely many addresses. And if you fear that ISPs or IANA > might run out of address spaces. Remember that they have 48 bits to > play with, which is the IPv4 address scope doubled 16 times. > > Of course some ISP's will probably just hand out /64 networks to most of > their customers (most probably to home users). But that's another > story. And a /64 network is possible but not so easy to subnet further, > and is also not recommended. > > > ISP's are supposed to hand out /48's so you can move to a new ISP without having to disrupt your internal addressing. > kind regards, > > David Sommerseth > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > > -- Stephen Clark *NetWolves* Sr. Software Engineer III Phone: 813-579-3200 Fax: 813-882-0209 Email: steve.clark at netwolves.com http://www.netwolves.com -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20101207/c7c6e698/attachment-0005.html>