Obsession With Firewalls Could Hinder IPv6

DosIgriegas writes "The obsession with firewalls in IPv6 may result in some of the quirks of IPv4 reappearing. Ars Technica has an article looking at the topic in depth, exploring the technical challenges of securing the new protocol, and looking a the re-emergence of old problems in new guises. 'Ironically, what's required to make IPv6 work through a stateful firewall is almost identical to what's required to make IPv4 work though NAT. This means the IETF's efforts to keep IPv6 NAT-free in order to make protocols do their job without messy workarounds are defeated by the notion that everything should be firewalled.' If we decide to stick with firewalls in IPv6, we'll see many of the same hard-to-diagnose network problems that we have with IPv4."

IP6 is too complicated

[Viol8]

Its easy to manually configure a network using IP4. Try doing it using IP6 with its incomprehensible 128 bit hexcode addresses. But its self configuring the IP6 proponents exclaim. Oh yeah , and thats really fullproof isn't it. Not. There always end up being manual intervention with any network topology and trying to do it with IP6 is like trying to pull teeth with a very sharp paperclip - painful and slow.

Re:Defective by design?

[Lord+Ender]

In the tech world, you must adapt or die.

Your reasoning for using NAT seems to be based on dogma and tradition, not actual... reason.

So it seems you have selected "die." Good luck with that, dinosaur!

As a security pro, I can't WAIT to see the death of NAT. I am concerned that some of the older people around here will make it a lot harder than it needs to be out of an irrational fear of change and (gasp) having to learn something new :-(