[AusNOG] FW: [Ap-ipv6tf] official shutdown date for IPv4. The date he is pushing for is April 4, 2024. "IPv4 can't go on forever, " Latour said. "

Mark Andrews marka at isc.org
Thu Nov 6 14:46:04 EST 2014


In message <98518DB27649AF4EAFB2E355F71E6050020C79AFA6 at ISRV-EXCH-1.conexim.local>, Jonathan Thorpe writes:
> NAT is not a firewall or a security feature and shouldn't be treated as such.
> At best, it helps abstract internal addressing to help against
> reconnaissance.
> 
> On that basis, I'm happy to see NAT go with IPv6, however I've recently come 
> across a few use cases where it does actually help in a non-security sense.
> 
> For most CPE, you don't have the luxury of advertising BGP address space and
> managing failover in that manner. Instead, you have address/prefix
> assignments from the ISP and you can NAT traffic from the private address
> space.
> 
> This works well on IPv4 with NAT because you don't have to worry about
> changing address space on the LAN and can go as far as using PBR to
> distribute different types of traffic across Internet connections.
> 
> From what I've seen, there's currently no workable way to do this with IPv6
> on a LAN as there's no NAT. While there's no NAT, we do apparently have NPTv6
> (http://tools.ietf.org/html/rfc6296), but I'm yet to see any working
> implementations of this on any CPE or routing platform.
>
> With NPTv6, we get network address translation, but it does so statelessly
> (not touching ports or host portion of the address), so overcoming some of
> the shortcomings of NAT. With the expectation of end-to-end consistency in
> IPv6 addressing however, I do fear that things will still break.

You just run multiple prefixes and use the source address to select
the correct exit router/path.  You also add/withdraw prefixes in
RAs so that hosts select working prefix addresses.  Add a ULA
prefix for internal communication.

> Interesting times ahead.
> 
> Kind Regards,
> Jonathan
> 
> -----Original Message-----
> From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Scott Weeks
> Sent: Wednesday, 5 November 2014 10:07 PM
> To: ausnog at lists.ausnog.net
> Subject: Re: [AusNOG] FW: [Ap-ipv6tf] official shutdown date for IPv4. The date he is pushing for is April 4, 2024. "IPv4 can't go on forever, " Latour said. "
> 
> 
> 
> 
> > I may be opening a can of worms here, but for a bit of fun    I like
> > NAT.  It solves a lot more problems than it causes (for me)
>
> I am truly scared of a world with eleventy-billion unpatched, unprotected,
> vulnerable/exploitable devices suddenly "directly reachable" by all those
> malware-infected, script-kiddies etc.
> --------------------------------------------------
> 
> 
> When you can't find the mole where're you gonna whack?
> 
> scott
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
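
Added example, not part of the original message or thread: the stateless, checksum-neutral prefix mapping that RFC 6296 (NPTv6, mentioned in the quoted text) defines for /48 prefixes, sketched in Python. The prefixes and function names are sample values chosen for illustration; the sketch covers only the /48 case.

```python
import ipaddress

# Sample prefixes (assumed for illustration): a ULA inside, a documentation prefix outside.
INTERNAL = "fd01:203:405::/48"
EXTERNAL = "2001:db8:1::/48"

def _sum16(words):
    """One's-complement sum of 16-bit words (end-around carry)."""
    total = 0
    for w in words:
        total += w
        total = (total & 0xFFFF) + (total >> 16)
    return total

def _words(addr):
    """Split an IPv6 address into its eight 16-bit words."""
    raw = int(addr).to_bytes(16, "big")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, 16, 2)]

def nptv6_translate(address, from_prefix, to_prefix):
    """Rewrite the /48 prefix and adjust the subnet word so that the
    one's-complement sum of the address is unchanged. Ports and payload
    are never touched, so no per-flow state is needed."""
    addr = ipaddress.IPv6Address(address)
    src = ipaddress.IPv6Network(from_prefix)
    dst = ipaddress.IPv6Network(to_prefix)
    if src.prefixlen != 48 or dst.prefixlen != 48:
        raise ValueError("this sketch handles /48 prefixes only")
    if addr not in src:
        raise ValueError(f"{addr} is not inside {src}")
    w = _words(addr)
    new_prefix = _words(dst.network_address)[:3]
    # adjustment = sum(old prefix) - sum(new prefix), in one's-complement arithmetic
    adjustment = _sum16([_sum16(w[:3]), 0xFFFF ^ _sum16(new_prefix)])
    w[:3] = new_prefix
    # Word 3 (bits 48..63, the subnet field) absorbs the difference.
    w[3] = _sum16([w[3], adjustment])
    if w[3] == 0xFFFF:      # RFC 6296: a result of 0xFFFF is written as zero
        w[3] = 0
    raw = b"".join(x.to_bytes(2, "big") for x in w)
    return ipaddress.IPv6Address(int.from_bytes(raw, "big"))

def checksum_neutral(a, b):
    """True if both addresses contribute the same value to a TCP/UDP checksum."""
    return _sum16(_words(ipaddress.IPv6Address(a))) == _sum16(_words(ipaddress.IPv6Address(b)))

if __name__ == "__main__":
    out = nptv6_translate("fd01:203:405:1::1234", INTERNAL, EXTERNAL)
    print(out, "->", nptv6_translate(out, EXTERNAL, INTERNAL))
```

The interface identifier survives unchanged while the subnet word does not, so anything that compares or embeds full addresses still sees a different address on each side of the translator.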

