Peter Bieringer wrote:
> Where is the problem?
>
> Today they got *one* *dynamic* IPv4 address and have to be happy with
> it. Connection of additional internal hosts requires masquerading,
> causing perhaps problems and had (without dedicated port forwarding)
> no capability to direct traffic from outside to inside.
>
> In IPv6 future, they will get one /64 prefix and can connect a lot of
> toasters, VCRs, TVs, battery chargers, light switches and so on. All
> devices get a *global* IPv6 address.
> And in case of no IPv6 firewalling, all these devices can be connected
> directly from outside.
>
> --> normally a big advantage
> not to mention any potential security issues in network-connected
> toasters here now ;-)

All sites have a /64 and a /48 prefix available to them *before* they make any global connection; link-local & site-local. For those devices where global connectivity may cause undue security concerns (like a light switch) there is absolutely no reason they need to pay attention to any global prefixes that may be in the RA. They will still be perfectly functional auto-configuring IPv6 devices, they just won't have global access. If privacy is the intended policy, it is easier to implement and more secure to have only the nodes that need global addresses listen to them in the RA, than to rely on a NAT/filter which is most likely confused because its state updates take longer than the dynamics of connections.

>
> People have only to think that they do no longer need to take care
> about Layer 3 routing and addresses in their home networks, they only
> need a Layer 2 switch and the "IPv6 access device".

We have an allocation mechanism for the simple layer-2 network, a /64, and a mechanism for those who want a complex layer-3, a /48.

>
> Your described scenario only cause a problem if someone really wants
> to Layer 3 route in his home network - but how many really want to do
> this or need this?

It doesn't matter, the mechanism exists and is sufficient for all but a handful of multi-national corporations.

>
>
> Conclusion: people have to think about network redesigning from
> dedicated small IPv4 network islands to bigger full switched IPv6
> networks.

To be precise, people should think about designing the network topology to meet the functional requirements.

>
> Note: broadcast traffic is reduced/eliminated in IPv6 because of
> Layer 3 multicast mechanism, which should be also mapped into Layer 2
> multicast addresses.

Layer-2 broadcasts are still appropriate for some uses, so don't assume that just because we can do without them at layer-3 that we should get rid of them at layer-2 as well.

Tony

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
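
Added example, not part of the original message: the per-node policy from the reply above, in Python, where a node that does not need global reachability skips global prefixes carried in the Router Advertisement. The RA bytes are constructed, 2001:db8:1:1::/64 stands in for a global /64, "global" is assumed to mean inside 2000::/3, and the function names are hypothetical.

```python
import ipaddress
import struct

# Assumption for this example: "global" means inside 2000::/3.
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

def build_ra(prefixes):
    """Construct a sample RA (ICMPv6 type 134) with one Prefix Information option per prefix."""
    ra = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0)
    for p in prefixes:
        net = ipaddress.ip_network(p)
        # type 3, length 4 (x8 octets), prefix length, L+A flags, lifetimes, reserved
        ra += struct.pack("!BBBBIII", 3, 4, net.prefixlen, 0xC0, 86400, 14400, 0)
        ra += net.network_address.packed
    return ra

def ra_prefixes(ra):
    """Yield (network, autonomous_flag) for each Prefix Information option in an RA."""
    if len(ra) < 16 or ra[0] != 134:
        raise ValueError("not a Router Advertisement")
    off = 16
    while off < len(ra):
        if off + 2 > len(ra):
            raise ValueError("truncated option header")
        opt_type, opt_len = ra[off], ra[off + 1] * 8
        if opt_len == 0 or off + opt_len > len(ra):
            raise ValueError("malformed option length")
        if opt_type == 3 and opt_len == 32:
            net = ipaddress.IPv6Network((ra[off + 16:off + 32], ra[off + 2]), strict=False)
            yield net, bool(ra[off + 3] & 0x40)
        off += opt_len

def slaac_prefixes(ra, wants_global):
    """Prefixes this node autoconfigures from; local-only nodes skip global ones."""
    chosen = []
    for net, autonomous in ra_prefixes(ra):
        if not autonomous:
            continue  # A flag clear: prefix is not for stateless autoconfiguration
        if net.subnet_of(GLOBAL_UNICAST) and not wants_global:
            continue  # e.g. the light switch: stays reachable on-site only
        chosen.append(net)
    return chosen

# Constructed RA: a documentation prefix standing in for the global /64,
# plus a site-local /64 as in the message.
SAMPLE_RA = build_ra(["2001:db8:1:1::/64", "fec0:0:0:1::/64"])

if __name__ == "__main__":
    print("light switch:", slaac_prefixes(SAMPLE_RA, wants_global=False))
    print("workstation: ", slaac_prefixes(SAMPLE_RA, wants_global=True))
```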
