Charles Adams wrote:
> If there is a means for all hosts to have addresses that are reachable from
> all other hosts (barring that a security policy is in place), will companies
> renumber their internal networks to coincide with this addressing scheme?
>
> If we (the Internet community) used private addresses and NAT for all hosts
> that do not want/need/require access from the Internet, would the addressing
> problem be as much of a problem as it appears to be? If we are as generous
> with the IPv6 addresses, how soon before we have the same address problem?
>
If you want a set of hosts to be only reachable internally, then set the policy to use site-local addresses. For the set of nodes that need both internal addresses and external addresses, you don't need NAT like you do for IPv4, because each IPv6 host will have both a site-local & a global address to use. This will use exactly the same amount of address space as a static-mapped non-port-sharing IPv4 NAT, and has exactly the same security implications. The difference is that with IPv6, the end host knows its real address, and can take advantage of that knowledge for protocols that need it (IPsec, H.323, FTP, etc.). The only way the IPv4/NAT scenario limits address usage is when ports are shared, which limits which devices get a given port and when.

Tony
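
Added example, not part of the original message: a minimal model of the policy described in the reply, where internal-only hosts hold just a site-local address (fec0::/10, since deprecated by RFC 3879) and dual-addressed hosts also hold a global one. The host lists, the 2001:db8::/32 documentation addresses, the function names and the simplified scope-matching source selection are all assumptions made for illustration.

```python
import ipaddress

SITE_LOCAL = ipaddress.ip_network("fec0::/10")     # site-local unicast prefix
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # global unicast prefix

# Constructed sample hosts (illustrative values only).
INTERNAL_ONLY = ["fec0::1:10"]                 # policy: site-local only
DUAL = ["fec0::1:20", "2001:db8:1::20"]        # site-local + global
OUTSIDE = "2001:db8:ffff::1"                   # a peer beyond the site border


def scope(addr):
    """Classify an address as 'site', 'global' or 'other' by prefix."""
    a = ipaddress.ip_address(addr)
    if a in SITE_LOCAL:
        return "site"
    if a in GLOBAL_UNICAST:
        return "global"
    return "other"


def pick_source(host_addrs, dst):
    """Simplified source selection: use the address whose scope matches dst."""
    want = scope(dst)
    for a in host_addrs:
        if scope(a) == want:
            return a
    return None  # the host has no address usable for this destination


def border_permits(src, dst):
    """Site border filter: only global-to-global traffic may cross."""
    return scope(src) == "global" and scope(dst) == "global"


def reachable_from_outside(host_addrs, outside_src):
    """True if any of the host's addresses can be reached across the border."""
    return any(border_permits(outside_src, a) for a in host_addrs)


if __name__ == "__main__":
    for name, addrs in (("internal-only", INTERNAL_ONLY), ("dual", DUAL)):
        print(name,
              "source toward outside:", pick_source(addrs, OUTSIDE),
              "| reachable from outside:", reachable_from_outside(addrs, OUTSIDE))
```

The dual-addressed host uses its own global address end to end, with no translation in the path, while the internal-only host has nothing that crosses the border.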
