IPv6 Security and those damned dirty NATs
Saturday, February 6, 2010 by darco
With less than 10% of IPv4 addresses remaining unallocated, IPv6 has been getting a lot of attention lately. As such, hardware vendors and ISPs (like Comcast) are now starting to figure out how best to deploy IPv6 connectivity to residential customers.
IPv6 would effectively make the use of IP masquerading (a form of Network Address Translation used in practically all residential gateway routers) unnecessary. Unfortunately, the current ubiquity of IP masquerading has caused vendors and ISPs to be suspicious of allowing proper end-to-end connectivity to residential customers. I have even heard that some are even considering using the same IP masquerading mechanism for IPv6—for security reasons!
This would be a very bad thing for the future of the IPv6 internet, so I wanted to elaborate on the motivations people have for doing this and ways that it can be avoided altogether.