IPv6 Question

Steve Deering deering@cisco.com
Mon, 18 May 1998 22:57:33 -0700


At 7:56 AM -0700 5/18/98, Mike Crawfurd wrote:
> IPv6 has a very large address space, but it doesn't solve the problem
> of running out of private address space... Converting your entire
> network to IPv6 requires at least an A-net, and I don't know how
> many addresses are supplied to companies...

Are you asking about global space or private space?  The proposed global
unicast address plan allocates a 16-bit subnet field plus a 64-bit host
(actually, interface) field to every customer site.  That's way bigger
than an IPv4 Class A network number.  The straightforward use of site-local
addresses would use the same amount of private address space (16+64),
but if you want the hassle of maintaining and routing different subnet
numbering plans for private addresses and global addresses, you can use up
to 54 bits to number your private subnets.  And if you want to give up
stateless autoconfiguration, you can have even more bits by cutting into
the interface ID field.  In other words, there's no problem of inadequate
private address space in IPv6.

> Private space was always a good security option; by using private space
> addresses the hosts were not directly reachable, with the right
> configuration an excellent security feature.

Most customers using private addresses also use NATs or proxies or some
other means of allowing some internal machines to communicate to external
machines.  Thus, the lack of a global address does not prevent an
external machine from communicating with an internal machine.  Rather,
it is the careful configuration of who can talk to whom that achieves
whatever security is achieved, not the use of private addresses.

> Is the security so advanced and so sure of itself to dare and make every
> host reachable for the outside world?

If Internet telephony really takes off, this idea that only a small number
of machines in an organization need be reachable by the outside world will
probably pass away.

Steve
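
Added example, not part of the original message: the field layout described in the first reply paragraph (16-bit subnet plus 64-bit interface ID per site, or up to 54 subnet bits under a site-local prefix), as a small Python splitter. The `fec0::/10` site-local prefix comes from the addressing architecture of that period and is an assumption here, as are the function names and the constructed sample addresses.

```python
import ipaddress

# Assumption: site-local prefix of the period; the message does not state it.
SITE_LOCAL = ipaddress.ip_network("fec0::/10")
IFACE_BITS = 64            # interface ID field, needed for stateless autoconfiguration
SUBNET_BITS = 16           # subnet field given to every customer site
WIDE_SUBNET_BITS = 54      # 128 - 10 (prefix) - 64 (interface ID)
CLASS_A_HOST_BITS = 24     # IPv4 Class A: 8-bit network, 24-bit host


def split_address(addr, wide_site_local=False):
    """Return (scope, subnet_bits, subnet, interface_id) for an IPv6 address.

    wide_site_local=True applies the separate private numbering plan the
    message mentions, using all 54 bits between the prefix and interface ID.
    """
    ip = ipaddress.IPv6Address(addr)
    value = int(ip)
    interface_id = value & ((1 << IFACE_BITS) - 1)
    upper = value >> IFACE_BITS          # everything above the interface ID
    if ip in SITE_LOCAL:
        scope = "site-local"
        bits = WIDE_SUBNET_BITS if wide_site_local else SUBNET_BITS
    else:
        scope = "global"
        bits = SUBNET_BITS               # the wide plan only applies to private space
    subnet = upper & ((1 << bits) - 1)
    return scope, bits, subnet, interface_id


def site_space_bits(subnet_bits):
    """Bits of address space a single site controls (subnet + interface ID)."""
    return subnet_bits + IFACE_BITS


if __name__ == "__main__":
    # Constructed sample addresses, not taken from the message.
    for addr, wide in [("2001:db8:1234:5678::abcd", False),
                       ("fec0::789a:0:0:0:1", False),
                       ("fec0:12:3456:789a::1", True)]:
        scope, bits, subnet, iface = split_address(addr, wide)
        extra = site_space_bits(bits) - CLASS_A_HOST_BITS
        print(f"{addr}: {scope}, subnet={subnet:#x} ({bits} bits), "
              f"iface={iface:#x}, 2^{extra} times a Class A")
```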