| |||||||||||||
World IPv6 Launch: this time it's for real (ars technica)World IPv6 Launch: this time it's for real (ars technica)Posted Jan 20, 2012 18:49 UTC (Fri) by jeleinweber (subscriber, #8326)In reply to: World IPv6 Launch: this time it's for real (ars technica) by rvfh Parent article: World IPv6 Launch: this time it's for real (ars technica)
IPv6 regains the end-to-end transparency that we lost with the introduction of NAT in 1994, but that doesn't mean you have to expose everything. Most high value stuff now is hiding behind:
non-routable addresses <-> application proxy <-> stateful firewall
and you can use that architecture with v6 just as well as with v4, only minus the NAT.
However, it's currently a bad idea to mix private v6 ("unique local addresses", fc00::/7 prefix) and global public v6 (2000::/3 prefix) on the same host. Stick to just one or the other.
The bonus side of end-to-end transparency is that you don't have 500 million NAT devices standing in the way of protocol innovation and multicast. We might stave off the next congestion collapse yet ...
(Log in to post comments)
World IPv6 Launch: this time it's for real (ars technica) Posted Jan 20, 2012 19:05 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]
Mixing ULA and global addresses actually works pretty OK. Just make sure that your Internet gateway announces only the global prefix.
World IPv6 Launch: this time it's for real (ars technica) Posted Jan 21, 2012 3:33 UTC (Sat) by foom (subscriber, #14868) [Link]
Well, there's not actually end-to-end transparency while you have that stateful firewall box sitting in the middle there...and since every home network is likely to have a stateful firewall that blocks everything by default, there's really no improvement in terms of what application protocol developers can expect to see in the real world.
World IPv6 Launch: this time it's for real (ars technica) Posted Jan 23, 2012 3:40 UTC (Mon) by Lukehasnoname (subscriber, #65152) [Link]
Could one not use stateful bridging firewalls?
|
|||||||||||||