On Sat, Jul 14, 2012 at 09:48:49PM -0400, Robert E. Seastrom wrote:
Actually, that's one of the most insightful meta-points I've seen on NANOG in a long time.
There is a HUGE difference between IPv4 and IPv6 thinking. We've all been living in an austerity regime for so long that we've completely forgotten how to leave parsimony behind. Even those of us who worked at companies that were summarily handed a Class B when we mumbled something about "internal subnetting" have a really hard time remembering how to act when we suddenly don't have to answer for every single host address and can design a network to conserve other things (like our brain cells).
Addresses no longer being scarce is a significant shift, but this thread is about a lot more than that. I didn't get the feeling that the original poster was wanting to use non-global addresses on his internal links because he was concerned about running out. He also wanted to do so for purposes of security. And that's not a paradigm shift between v4 and v6. Obscurity / non-global address "magic" was pretend security in v4 and it's pretend security in v6. People who used RFC1918 space where they didn't need global uniqueness in v4 often did so initially because of scarcity (and were often making a completely reasonable decision in doing so), but they then falsely imputed a security benefit to that. If we can leverage the v6 migration to get out of the thinking that some addresses are magically more secure than others, then that's probably a win, but it's not a fundamental difference between v4 and v6. It's not that correct IPv4 thinking is "1918 is more secure" but the security model of v6 is different. 1918 was never more secure.

-- Brett
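The point Brett makes, that RFC 1918 (and, in v6, ULA) address scope is not a security property, is the kind of thing that shows up in firewall policy as "allow anything from the private range". The following is an added example, not code from the thread or from any poster: a small Python audit that classifies prefixes by address scope (RFC 1918, RFC 4193 ULA, link-local, loopback, or other) and flags allow rules whose only basis for trust is that the source sits in private or ULA space. The ACL entries are constructed for the example, and the rule format (`name`/`src`/`dst`/`action` dicts) is an assumption, not any vendor's syntax.

```python
import ipaddress

# RFC 1918 (IPv4) and RFC 4193 ULA (IPv6) ranges, listed explicitly rather than
# via ipaddress's is_private, which also covers documentation and benchmark
# ranges (192.0.2.0/24, 198.18.0.0/15, ...) that are not "1918 space".
RFC1918_NETS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]
ULA_NET = ipaddress.ip_network("fc00::/7")

# Constructed sample ACL (assumed dict format; not taken from any real device).
SAMPLE_ACL = [
    {"name": "allow-lan",  "src": "10.0.0.0/8",      "dst": "0.0.0.0/0",     "action": "allow"},
    {"name": "allow-ula",  "src": "fd00::/8",        "dst": "::/0",          "action": "allow"},
    {"name": "allow-mgmt", "src": "192.0.2.10/32",   "dst": "192.0.2.20/32", "action": "allow"},
    {"name": "allow-v6",   "src": "2001:db8::/32",   "dst": "2001:db8:1::/48", "action": "allow"},
    {"name": "deny-all",   "src": "0.0.0.0/0",       "dst": "0.0.0.0/0",     "action": "deny"},
]


def scope_of(prefix):
    """Classify a prefix by address scope.

    Returns one of 'loopback', 'link-local', 'rfc1918', 'ula' or 'other'.
    'other' means nothing about the scope singles it out; none of these
    labels says anything about who can reach or originate from it.
    """
    net = ipaddress.ip_network(prefix, strict=False)
    if net.is_loopback:
        return "loopback"
    if net.is_link_local:
        return "link-local"
    # subnet_of() only accepts same-version networks, so guard on version.
    if net.version == 4 and any(net.subnet_of(r) for r in RFC1918_NETS):
        return "rfc1918"
    if net.version == 6 and net.subnet_of(ULA_NET):
        return "ula"
    return "other"


def scope_trusting_rules(acl):
    """Return the names of allow rules that grant access to any destination
    purely because the source address is in RFC 1918 or ULA space.

    These are the rules the thread calls pretend security: the address range
    identifies nothing about the peer, only how the prefix was allocated.
    """
    flagged = []
    for rule in acl:
        if rule["action"] != "allow":
            continue
        dst = ipaddress.ip_network(rule["dst"], strict=False)
        if scope_of(rule["src"]) in ("rfc1918", "ula") and dst.prefixlen == 0:
            flagged.append(rule["name"])
    return flagged


if __name__ == "__main__":
    for rule in SAMPLE_ACL:
        print(f'{rule["name"]:12} src scope={scope_of(rule["src"])}')
    print("rules trusting by address scope alone:", scope_trusting_rules(SAMPLE_ACL))
```

Rules like `allow-mgmt` and `allow-v6` pass because they name specific endpoints on both sides; whether those endpoints are private or global is irrelevant to the decision, which is the property a policy should have in either address family.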