Caitlin Bestler wrote:
> My point remains, a globally meaningful address is something that
> should only be applied when it is useful for that endpoint to
> be globally addressable.

This is your only valid point, and has nothing to do with NAT, Firewalls, or anything else on this thread today... There are cases where an application context calls for local scope addresses (like I may not want my light switch available outside the home), but that is exactly why IPv6 provides local link & site scope addresses. If you have a device that is being used in a local scope application context, then it should not acquire a global scope prefix. At the same time there may be other applications sharing the wire that are global scope (like my son and I run independent web servers). For this context the global scope IPv6 addresses are exactly what is required, because sharing a port doesn't work.

From my observations over time, the hardest thing for network technologists to wrap their heads around is the fact that with IPv6, nodes are capable of multiple addresses simultaneously, and those addresses have different scopes of applicability. It is a matter of local policy which addresses get used, so match the address scope to the use policy.

In any case, stop saying that NAT is required to keep a node hidden, because it is not. Also, by definition, if a NAT is aware of the 'hidden' device, the device is no longer hidden from the world.

Tony
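
The scope-to-policy matching described in the message above, as an added example that is not part of the original post: a small audit that flags any node holding an address of wider scope than its use policy allows. The inventory, the node names (the thermostat is hypothetical), and the choice to count unique local addresses as site scope are assumptions of this example.

```python
import ipaddress

# Scope ordering: a node's policy names the widest scope it may be addressed at.
ORDER = {"link": 0, "site": 1, "global": 2}

# fec0::/10 is the site-local prefix (since deprecated by RFC 3879). Counting
# unique local addresses (fc00::/7, RFC 4193) as site scope is an assumption
# made for this example.
SITE_NETS = [ipaddress.ip_network("fec0::/10"), ipaddress.ip_network("fc00::/7")]
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")


def scope_of(addr):
    """Return 'link', 'site' or 'global'; None for loopback, multicast, etc."""
    a = ipaddress.IPv6Address(addr.split("%")[0])  # strip a zone id such as %eth0
    if a.is_link_local:
        return "link"
    if any(a in net for net in SITE_NETS):
        return "site"
    if a in GLOBAL_UNICAST:
        return "global"
    return None


def audit(inventory):
    """Return sorted (node, address) pairs whose address scope exceeds policy."""
    findings = []
    for node, (max_scope, addrs) in inventory.items():
        for addr in addrs:
            scope = scope_of(addr)
            if scope is not None and ORDER[scope] > ORDER[max_scope]:
                findings.append((node, addr))
    return sorted(findings)


# Constructed sample inventory: node -> (widest permitted scope, addresses).
# 2001:db8::/32 is the documentation prefix, standing in for a real global prefix.
INVENTORY = {
    "light-switch": ("site", ["fe80::1%eth0", "fd00:1::10"]),
    "thermostat": ("link", ["fe80::2%eth0", "2001:db8:1::20"]),  # picked up a global prefix
    "web-parent": ("global", ["fe80::3%eth0", "2001:db8:1::80"]),
    "web-son": ("global", ["fe80::4%eth0", "2001:db8:1::81"]),
}

if __name__ == "__main__":
    for node, addr in audit(INVENTORY):
        print(f"{node}: {addr} is {scope_of(addr)} scope, wider than policy allows")
```

The two web servers each hold their own global address, so neither has to share a port, while the light switch stays unreachable from outside because it never holds a global address.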