> > IPv6 needs to be justified on the number of nodes that truly need a
> > globally accessible public address, not by insisting on counting devices
> > that should remain anonymous or under limited (and controlled) visibility.
>
> you appear to be confusing visibility with accessibility.

No, that is exactly what I am not confusing. If a node only requires accessibility by a few specialized nodes (such as a water meter) then making it *visible* to more is just creating a security hole that has to be plugged. Yes, the hole can be plugged easily. I am merely pointing out that the opportunity to add more rules to an IPv6 firewall to plug a security hole that IPv6 created is *not* an argument for IPv6.

Further, NAT boxes are very friendly to meter-type devices. They can receive their IPv4 address via DHCP (eliminating the need to administer addresses) and then they can contact the collection server. The upper-layer protocols will identify the meter, which they would have done for authentication reasons anyway. There are also a large number of solutions using L2 tunneling.

My point remains, a globally meaningful address is something that should only be applied when it is useful for that endpoint to be globally addressable.