IPv6 Address Planning: How to Survive without NAT
-
Thanks... very informative. A quick suggestion though: you might like to put the RFC and sixxs.net links in the video description so you can just click them.
-
@jullrich Super excellent explanation!!! Loved it. Many thanks for this presentation.
-
The LAN is dead, and so are the ideas in this video... Servers should have a global IPv4 and IPv6 address, and clients should have a NATted IPv4 and a global IPv6 address... Firewalling should not be based on source addresses. All services must be accessible from everywhere... Use authentication for security, not source address.
-
@gn02020202 Well, there's plenty of room to have static addresses. Also, autoconf picks the same address every time (generated from network card's MAC address), so it's usually as good as a static address. Also, you can use a DHCPv6 server in stateless mode along with autoconf to support things like giving out a DNS server. (I don't know about DNS updates, but you really don't need them with autoconf. The addresses are always the same for the same network card.)
-
@alp627 The Windows default firewall will start blocking packets about 30 seconds after they come in. This means that some hacker has already gotten into your system before the firewall detects it. This is when you say, "Oops. Oh well. I guess I wanted to let him in by me running Windows and not using a hardware firewall."
-
NATv6 is not gone, but is a common application. The main folks in charge of telling you about IPv6 do not want you to know about NAT and IPv6. I have been using NATv6 since Jan 1st successfully. And the NAT devices that the stores sell contain firewalls, but they do not list them on the package. Most people assume that it is just NAT and forget about the firewall.
-
@SoftwareExplorer There is something odd about DHCPv6. It supports DNS updates, where autoconf does not. IMHO, autoconf's intent is to make everyone memorize IPv6 addrs, while DHCPv6 makes us memorize DNS names.
-
NATv6 is not gone, but a widely used application. I have been using it to change my FC00::/7 to a real IPv6 since January. Something to note, when people talk about NAT on V4, they usually mean a firewall with it, but the stores call it a "NAT" device, not a "NAT+Firewall" device. Most people use the default stock setup on the firewall and only change the NAT side. These firewalls usually block on incoming from the external.
-
@alp627 The Windows firewall provides blocking about 30 seconds after the connection has started. That is long enough for someone to hack in and already own your box. A hardware firewall is much better.
-
Saying that a /64 is the smallest subnet you can have is false. If you use DHCPv6 instead of Autoconf (which requires /64 subnet), you can use any subnet size you want.
-
@fracutube Home routers just need to provide a default-deny firewall for incoming connections, the same way they do now with IPv4. The difference being that if you *want* to allow selected incoming access, you can do it without address translation, and you are no longer limited to a single device being publicly accessible on port 80 (if you want).
tedpidau 9 months ago 3
-
@fracutube Most likely, IPv6 routers will come with a stateful firewall preconfigured (which would be effectively as secure as NAT). So "grandma" won't even know the difference.
IPv6 has so many addresses that it is infeasible to try random addresses in hopes of finding a vulnerable computer behind it. Most homes would get the current number of IPv4 internet addresses SQUARED. So in some ways IPv6 can be more secure.
SoftwareExplorer 8 months ago 2