[CentOS] IPV4 is nearly depleted, are you ready for IPV6?

Tue Dec 7 16:16:41 UTC 2010
Les Mikesell <lesmikesell at gmail.com>

On 12/7/10 9:04 AM, Adam Tauno Williams wrote:
>
>> The other nice side-effect of NAT is that you get an effectively infinite number
>> of addresses behind it without any pre-arrangement with anyone else.  Even if
>> ISPs hand out what they expect to reasonably-sized blocks, won't it be much
>> harder to deal with when you outgrow your allotment?  We've had the opportunity
>> to move to ipv6 for ages but we haven't (in the US, anyway).  I think the reason
>> is that most people like the way NAT works and don't really want a public
>> address on every device.
>
> Bogus.  The reason is that they haven't been pressured into adoption by
> higher powers; so we will get into a nice scramble to migrate in a
> pinch.

Agreed, but the reason that hasn't happened is that there's no visible benefit 
to the consumer.

> "most people" have no idea what NAT is, don't care, and shouldn't have
> to care.

Agreed again, but the reason is that the vast majority only want outbound client 
connections and they would be perfectly happy if application protocols adapted 
to client registration to some central registry for portability instead of ever 
assuming that a person or associated application had anything to do with any 
particular device or fixed address.  Compare the number of people who use an 
IM/chat application to the number who have directly reachable SIP endpoints 
without a forwarding service, for example.  There are good reasons for that.

> Some people's belief that NAT is some magic sauce that makes them more
> secure [it does not] or provides them more flexibility [it does not]
> than real addresses ... causes the people who understand networking to
> have to spend time explaining that their love of NAT is misguided and
> their beliefs about NAT are bogus.

If the ipv6 routers come with defaults that work the same as current NAT 
routers, people will be able to continue to misunderstand them happily. That is, 
permit outbound client connections from anything connected behind them without 
much regard to how many devices there are, and block everything else.

-- 
   Les Mikesell
     lesmikesell at gmail.com