IPv6 The Next Generation - Private Addresses
(Page 3 of 4)
Access granted to nerd level 3 of 4. By now, you should be starting to turn a translucent shade of pale and your eyes should be experiencing enough wear and tear to convince you to try out a nice thick set of Harry Caray-style spectacles. I won't bore you with any old-timey stories of me and Harry back at Wrigley, but I will give you a brief overview of the current state of private addressing and how it has both helped and hindered our progression toward IPv6.
I mentioned earlier that IPv6 will allow for much more public address space and that IPv4 is on the verge of running out of space. Well, one of the reasons IPv4 has been able to avoid the inevitable for so long is the widespread use of private addressing, mainly Network Address Translation. Basically, NAT allows a router to act as an agent between the Internet (public network) and a private network. A single IP address can then represent an entire group of computers. I will now give an outline of an article by Dan Campbell that goes over the advantages and disadvantages of NAT.
First I will discuss the disadvantages. Apparently NAT can be a strain on the processor. Most of us would rather use the router or firewall for what they're primarily designed to do, but, as Campbell says, “Even if you do a good job of calculating the maximum NAT load that your user community will normally generate, you can't account for DOS attacks or viruses on PCs that generate an abnormal amount of sessions through the NAT gateway.”
Because all traffic must go through the same NAT gateway, network resiliency is fundamentally weakened and the chances of one's session being interrupted increase. Also, a security breach is made harder to trace when several users are using a single IP address. And when rebooting the NAT device after a breach, the data needed to trace the attack is mostly wiped out.
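The tracing problem above, as an added example (not from the original article or from Campbell): with NAT session records exported off the gateway, a sighting of the shared public address resolves to one internal host only when the translated port and the timestamp are known. The log format, addresses and function names are constructed for illustration.

```python
from datetime import datetime
from typing import NamedTuple

# Constructed sample of NAT session records exported from a gateway
# (hypothetical format): start end internal_ip:port public_ip:port proto
SAMPLE_LOG = """\
2024-05-01T10:00:00 2024-05-01T10:05:00 192.168.1.10:51000 203.0.113.5:40001 tcp
2024-05-01T10:01:30 2024-05-01T10:02:10 192.168.1.22:51000 203.0.113.5:40002 tcp
2024-05-01T10:06:00 2024-05-01T10:09:00 192.168.1.37:49152 203.0.113.5:40001 tcp
"""

class Session(NamedTuple):
    start: datetime
    end: datetime
    internal: str   # private ip:port behind the NAT
    public: str     # translated ip:port seen on the Internet
    proto: str

def parse_log(text):
    """Parse exported session records, skipping blank or malformed lines."""
    sessions = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        start, end, internal, public, proto = parts
        sessions.append(Session(datetime.fromisoformat(start),
                                datetime.fromisoformat(end),
                                internal, public, proto))
    return sessions

def candidates_by_ip(sessions, public_ip):
    """Every internal host that used the shared public IP: the ambiguity."""
    return {s.internal.rsplit(":", 1)[0] for s in sessions
            if s.public.rsplit(":", 1)[0] == public_ip}

def attribute(sessions, public, proto, seen_at):
    """Internal endpoints holding public ip:port at the given ISO timestamp."""
    when = datetime.fromisoformat(seen_at)
    return [s.internal for s in sessions
            if s.public == public and s.proto == proto
            and s.start <= when <= s.end]

if __name__ == "__main__":
    sessions = parse_log(SAMPLE_LOG)
    print(sorted(candidates_by_ip(sessions, "203.0.113.5")))
    # Port 40001 is reused, so the timestamp decides which host it was.
    print(attribute(sessions, "203.0.113.5:40001", "tcp", "2024-05-01T10:03:00"))
    print(attribute(sessions, "203.0.113.5:40001", "tcp", "2024-05-01T10:07:00"))
    # No exported records (the table was lost on reboot): nothing to trace.
    print(attribute([], "203.0.113.5:40001", "tcp", "2024-05-01T10:03:00"))
```

With only the public IP, all three internal hosts remain candidates; with no records kept off the device, the lookup returns nothing.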
According to Campbell, deploying NAT is basically a “compromise” on the part of ISPs that couldn't gather enough public address space. Clearly he thinks that NAT is inferior to using an all-public address model.
More By Michael Lowry