On Apr 23, 2010, at 6:17 AM, Jack Bates wrote:

> Matthew Kaufman wrote:
>> But none of this does what NAT does for a big enterprise, which is to *hide
>> internal topology*. Yes, addressing the privacy concerns that come from
>> using lower-64-bits-derived-from-MAC-address is required, but it is also
>> necessary (for some organizations) to make it impossible to tell that this
>> host is on the same subnet as that other host, as that would expose
>> information like which host you might want to attack in order to get access
>> to the financial or medical records, as well as whether or not the executive
>> floor is where these interesting website hits came from.
>
> Which is why some firewalls already support NAT for IPv6 in some form or
> fashion. These same firewalls will also usually have layer 7 proxy/filtering
> support as well. The concerns and breakage of a corporate network are extreme
> compared to non-corporate networks.
>
> Jack

That is sad news, indeed. Hopefully it won't lead to NAT-T becoming a common part of software as the ISVs catch on to IPv6.

Owen