On 2011-07-15 01:55, Jan Engelhardt wrote:
On Friday 2011-07-15 01:17, David Miller wrote:
From: Jan Engelhardt<jengelh@xxxxxxxxxx>
Date: Fri, 15 Jul 2011 01:15:47 +0200 (CEST)
Of course yours is feature-richer. But the topic of IPv6 NAT has had
come up a number of unrecollectable times, and the response has been the
same everytime - NAT is still an ugly undesired hack whose recurrence
wants to be avoided.
People want to hide the details of the topology of their
internal networks,
And IPv6 Privacy w.r.t. random address selection, combined with a
firewall, won't do that?
Be rational.
How would you imagine managing and maintaining a typical corporate
network (1K+ devices) of different devices and operating systems -
workstations (Windows, Mac, Linux), servers (Windows, Linux, BSD)
routers, switches (radius), firewalls, APs, etc; without static IP
addresses? Static = not random.
Also, how would you imagine readressing such network one day, when you
decide to change your ISP?
Without NAT (and BTW without working and complete L3 security in
switches) no one will consider IPv6 seriously nor dare to implement it
in production. Of course NAT does not provide security but it provides a
real and useful privacy, opposite to annoying randomness.
Best regards,
Krzysztof Olędzki
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
