On Wed, 2 Jan 2008, Rick Astley wrote:
Some of the comments here have cleared things up a bit.
I suspect we will see NAT doing some 4to6 and 6to4 through migration, but there is little reason to use NAT in place of stateful firewall in the v6 to v6 world.
I think RFC3041 (Privacy Extensions) and RFC4864 (Local Network Protection) answer my question about MAC address privacy. I have to do some research on this, but does anyone know if Vista's IP stack is RFC3041 compliant today? (I believe OSX is, but I don't know if it is enabled by default.)
On by default in Windows, off by default in Linux (net.ipv6.conf.all.use_tempaddr), OSX and BSD (net.inet6.ip6.use_tempaddr).
On to IP address allocation again:
So I was thinking of /64 as "one subnet" consisting of multiple nodes, when in practice a /64 is more like one node.
This does open up some interesting possibilities like using multiple IP addresses within a /64 on a single machine. You could do things on the client side like separating applications into different "security zones" with individual IP addresses, or giving individual users on the system their own IP addresses so you can do user/zone specific firewall policies.
In my opinion /64 is very likely not a one-node configuration. Potentially you can put every computer in the world into a /64. I agree the functional/operational separation is easy with a /64. Earlier, in IPv4, you had to think about the subnet sizes; here you have a /64 and you can put as many computers as you like in that subnet! Introduction of IPv6 support in your network allows rethinking the subnetting and address allocation to better accommodate your current needs.

Best Regards,
Janos
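The per-application/per-user addressing Rick describes above (several addresses for one host inside its /64, each with its own stateful firewall policy) can be sketched in a few lines. This is an added example, not code from anyone in the thread: the 2001:db8::/64 documentation prefix, the zone names, the hash-based interface-identifier derivation, the shared secret and the nftables table/chain names are all constructed assumptions.

```python
"""Per-zone IPv6 addresses inside one /64, plus matching nftables rules.

Added example for the thread's discussion, not from any participant.
Interface identifiers are derived from a secret and the zone name rather
than from the MAC address, so they reveal nothing about the hardware; the
derivation is a simplified scheme written for this example, not an RFC one.
"""
import hashlib
import ipaddress

# Documentation prefix (constructed); a real deployment uses its own /64.
PREFIX = ipaddress.IPv6Network("2001:db8::/64")


def zone_address(prefix, zone, secret):
    """Return a stable address for `zone` inside `prefix` (must be a /64)."""
    if prefix.prefixlen != 64:
        raise ValueError("zone addressing assumes a /64 prefix")
    digest = hashlib.sha256(secret + zone.encode()).digest()
    iid = int.from_bytes(digest[:8], "big")  # low 64 bits: the interface id
    return ipaddress.IPv6Address(int(prefix.network_address) + iid)


def zone_plan(prefix, zones, secret):
    """Map each zone name to its address; every result lies inside `prefix`."""
    return {zone: zone_address(prefix, zone, secret) for zone in zones}


def ip_commands(plan, dev="eth0"):
    """`ip -6 addr add` lines that put every zone address on one interface."""
    return [f"ip -6 addr add {addr}/64 dev {dev}" for addr in plan.values()]


def nft_rules(plan, policy):
    """nftables output chain: default drop, one accept rule per allowed zone.

    `policy` maps a zone name to the TCP ports that zone may open. Zones
    without an entry get no rule and therefore cannot initiate connections.
    """
    rules = [
        "table inet zones {",
        "  chain output {",
        "    type filter hook output priority 0; policy drop;",
        "    ct state established,related accept",
    ]
    for zone, addr in plan.items():
        ports = ", ".join(str(p) for p in policy.get(zone, ()))
        if ports:
            rules.append(f"    ip6 saddr {addr} tcp dport {{ {ports} }} ct state new accept")
    rules += ["  }", "}"]
    return rules
```

Feeding the `nft_rules` output to `nft -f` and the `ip_commands` output to a shell gives a host whose browser zone can only open web ports while an unlisted zone cannot initiate any outbound TCP connection at all.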