Reply to post: "So I ask again, what are you planning to do that a /64 is insufficient for your needs?"

We are absolutely, definitively, completely and utterly out of IPv4 addresses, warns RIPE

LDS Silver badge

"So I ask again, what are you planning to do that a /64 is insufficient for your needs?"

At home I have three subnets that can access the internet. One is the main one, one is for IoT devices, the third one is for guests. Plus there are three other internal subnets. All with different firewall rules.

I wouldn't be able to separate such traffic easily with a /64 - without being forced to use some hacks that may not be supported by all devices. My pfSense 2.4 doesn't allow for full NAT on IPv6, for example, only network prefix translations. I also guess my two L3 switches won't understand prefixes larger than /64, making routing across some subnets no longer work.

Moreover, recent implementations of IPv6 will no longer use the plain MAC address to generate an IP, so you're not leaking that data.

Anyway, if you do 1:1 NAT on the router, and you don't "rotate" the mappings, you're still giving away perfectly valid unique identifiers. If you're using a smaller pool of IPv6 addresses for NAT you're back to the issues you have with IPv4 (static port mappings of UPnP).
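Added example, not part of the comment above: a small audit that checks whether hosts on your own subnets still form addresses from the MAC (modified EUI-64, RFC 4291) instead of randomised interface identifiers. The host names and addresses are constructed samples in the 2001:db8::/32 documentation prefix, and the function names are hypothetical.

```python
import ipaddress

def embedded_mac(addr):
    """Return the MAC recoverable from a modified EUI-64 interface ID, else None.

    Heuristic: a random interface ID can contain ff:fe in the same position
    by chance (about 1 in 65536), so treat a hit as a lead to verify.
    """
    # Drop any zone suffix such as %eth0 before parsing.
    packed = ipaddress.IPv6Address(addr.split("%")[0]).packed
    iid = packed[8:]                      # low 64 bits = interface identifier
    if iid[3:5] != b"\xff\xfe":           # EUI-64 inserts ff:fe mid-MAC
        return None
    # Undo the universal/local bit flip applied to the first MAC octet.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def audit(inventory):
    """Return (host, address, mac) for every address that exposes a MAC."""
    findings = []
    for host, addr in inventory:
        mac = embedded_mac(addr)
        if mac is not None:
            findings.append((host, addr, mac))
    return findings

# Constructed inventory: one /64 per subnet, as in the setup described above.
SAMPLE = [
    ("iot-camera",   "2001:db8:0:1:211:22ff:fe33:4455"),   # EUI-64 derived
    ("guest-laptop", "2001:db8:0:2:5c7a:9e01:3bd4:88f2"),  # randomised ID
    ("iot-camera",   "fe80::211:22ff:fe33:4455%eth0"),     # link-local, EUI-64
    ("main-desktop", "2001:db8:0:0:d4a1:77c3:902e:1b6f"),  # randomised ID
]

if __name__ == "__main__":
    for host, addr, mac in audit(SAMPLE):
        print(f"{host}: {addr} exposes MAC {mac}")
```
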
