North American Network Operators Group


Re: Assigning IPv6 /48's to CPE's?

  • From: Rick Astley
  • Date: Wed Jan 02 20:38:44 2008

Some of the comments here have cleared things up a bit.

I suspect we will see NAT doing some 4to6 and 6to4 through migration, but there is little reason to use NAT in place of stateful firewall in the v6 to v6 world.

I think RFC3041 (Privacy Extensions) and RFC4864 (Local Network Protection) answer my question about MAC address privacy. I have to do some research on this, but does anyone know if Vista's IP stack is RFC3041 compliant today? (I believe OSX is but I don't know if it is enabled by default)


On to IP address allocation again:

So I was thinking of /64 as "one subnet" consisting of multiple nodes, when in practice a /64 is more like one node.

This does open up some interesting possibilities like using multiple IP addresses within a /64 on a single machine. You could do things on the client side like separating applications into different "security zones" with individual IP addresses, or giving individual users on the system their own IP addresses so you can do user/zone specific firewall policies.

You could have the OS allocate an IP to a local peripheral like a printer that is shared with the local network to prevent creating a potential vulnerability on one of the IP addresses applications are using to connect to the Internet.

This is cool, but it also means that the /64 is the new /32, and /56 is the new /24.

So in cases where it is anticipated that the client will (or eventually will) have more than ~255 devices, a /48 is recommended.

So now it is starting to become clear why people are handing out /48's to end users.