On Wed, Mar 30, 2011 at 10:33 AM, Richard Pieri <[email protected]> wrote:
> Anyone who relies on NAT for security has almost no network security (see:
> source IP spoofing). NAT is not, and never has been, about security. It
> exists to address the limited address space in IPv4 but it is not formally
> part of IPv4. NAT is, ultimately, a clever hack used to link non-routable
> networks to routable networks.
>
> IPv6 removes this necessity. Thus, no NAT for IPv6. And hopefully there
> never will be. IPv6 has link-local and site-local addressing, which
> eliminates the need for segregating non-routable networks. This is built
> into the specification. For everything else there is SPI.

Agreed, NAT is not a required ingredient for an effective firewall. Apples and oranges. It does, however, provide source obfuscation for individual machines on a LAN, and there is some value in that. For example, I suspect if it weren't for NAT, consumers would be paying their ISPs "per-node" connection fees. If things move in that direction in a mostly-IPv6 world, we could see a resurgence of NAT.

_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss
