Friday, November 17, 2017

routing - Are people really going to use public IPv6 addresses on their private networks?





I have been reading the Debian System Administrator's Handbook, and I came across this passage in the gateway section:




...Note that NAT is only relevant for IPv4 and its limited address space;
in IPv6, the wide availability of addresses greatly reduces the
usefulness of NAT by allowing all “internal” addresses to be directly
routable on the Internet (this does not imply that internal machines
are accessible, since intermediary firewalls can filter traffic).




That got me thinking... With IPv6 there is still a private range. See: RFC4193. Are companies really going to set up all their internal machines with public addresses? Is that how IPv6 is intended to work?


Answer




Is that how IPv6 is intended to work?





In short, yes. One of the primary reasons for increasing the address space so drastically with IPv6 is to get rid of band-aid technologies like NAT and make network routing simpler.



But don't confuse the concept of a public address and a publicly accessible host. There will still be "internal" servers that are not Internet accessible even though they have a public address. They'll be protected with firewalls just like they are with IPv4. But it will also be much easier to decide that today's internal-only server needs to open up a specific service to the internet tomorrow.




Are companies really going to set up all their internal machines with public addresses?




In my opinion, the smart ones will. But as you've probably noticed, it's going to take quite a while.
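The distinction the answer draws between a public address and a publicly accessible host, sketched as a gateway forwarding policy. This is an added example, not part of the original answer or the handbook; the interface names lan0 and wan0, the 2001:db8:0:10::/64 documentation prefix, and the published host address are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed names: lan0 (inside), wan0 (upstream),
# 2001:db8:0:10::/64 as the site's globally routable LAN prefix
# (documentation range), and one host that is deliberately published.
define lan_if   = "lan0"
define wan_if   = "wan0"
define lan_net  = 2001:db8:0:10::/64
define web_host = 2001:db8:0:10::80

table ip6 gateway {
    chain forward {
        # Routed traffic is dropped unless a rule below accepts it.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that inside hosts opened themselves.
        ct state established,related accept
        ct state invalid drop

        # ICMPv6 errors have to transit the firewall (RFC 4890);
        # Packet Too Big in particular is needed for path MTU discovery.
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept

        # Inside hosts may open connections outward, but only with a
        # source address from the site's own prefix.
        iifname $lan_if oifname $wan_if ip6 saddr $lan_net accept

        # Publishing one service later is a single rule: no address
        # translation or renumbering, the host is already routable.
        iifname $wan_if oifname $lan_if ip6 daddr $web_host tcp dport 443 accept

        # All other inside hosts stay unreachable from outside even
        # though they hold public addresses; count what gets dropped.
        counter drop
    }
}
```

`nft -c -f <file>` parses the ruleset without applying it. The gateway also needs `net.ipv6.conf.all.forwarding=1` before it routes anything.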


