On Apr 23, 2010, at 6:17 AM, Jack Bates wrote:
Matthew Kaufman wrote:
But none of this does what NAT does for a big enterprise, which is to *hide internal topology*. Yes, addressing the privacy concerns that come from using lower-64-bits-derived-from-MAC-address is required, but it is also necessary (for some organizations) to make it impossible to tell that this host is on the same subnet as that other host, as that would expose information like which host you might want to attack in order to get access to the financial or medical records, as well as whether or not the executive floor is where these interesting website hits came from.
Which is why some firewalls already support NAT for IPv6 in some form or fashion. These same firewalls will also usually have layer 7 proxy/filtering support as well. The concerns and breakage of a corporate network are extreme compared to non-corporate networks.
Jack
That is sad news, indeed. Hopefully it won't lead to NAT-T becoming a common part of software as the ISVs catch on to IPv6. Owen