Re: NAT66 : A first implementation

Hi

> How would you imagine managing and maintaining a typical corporate
> network (1K+ devices) of different devices and operating systems -
> workstations (Windows, Mac, Linux), servers (Windows, Linux, BSD)
> routers, switches (radius), firewalls, APs, etc; without static IP
> addresses? Static = not random.

I agree.  Can't see how you would (unless dynamic DNS started to work a
whole lot better than today...)


> Also, how would you imagine readdressing such a network one day, when you
> decide to change your ISP?

Aha.  This is a statement that you don't believe PI space will become
easier to access when requesting IPv6 space?

There seems to be sufficient space for PI to become the norm to hand
out.  However, the current state of routing appears to struggle with
IPv4 taken to the limit, and so there seems to be understandable
reluctance to actually fix all the issues we have with IPv4 since some
facets of the solution kill current routing hardware..?

Mobile phone numbers are now interchangeable between phone companies in
under 24 hours in the UK.  Let's hope that PI space allocations become
the norm under IPv6..?


> Without NAT (and BTW without working and complete L3 security in
> switches) no one will consider IPv6 seriously nor dare to implement it
> in production. Of course NAT does not provide security but it provides a
> real and useful privacy, opposite to annoying randomness.

It's not clear to me that NAT solves L3 security any better than a
non-NAT firewall?  "Security" through NAT is largely through breaking
routing, but a non-NAT firewall appears to achieve entirely the same
effect more directly (some would argue much better in fact)


I personally think that IPv6 NAT could be very useful for a number of
niche situations!  Please let's see this get implemented!

On the other hand I hope that widespread adoption doesn't happen...
Instead I hope that PI allocations become straightforward and the norm.
I would also disagree with some of the reasons *why* you want NAT,
although at the limit I would still agree NAT is useful for some
situations (just different situations)

Cheers

Ed W
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

