With IPv4, it's almost assumed you are behind a NAT, especially for a wireless device. Most home routers don't NAT for IPv6. The NAT added a decent layer of security. Ditching that security, as well as making your packets bigger for a wireless device, just seems stupid. Especially adding intentional delay to that end.
With IPv4, it's almost assumed you are behind a NAT, especially for a wireless device.
And this has caused many problems. ICE / STUN, TURN, UPnP-IGD, NAT-T, and the whole swath of fixes to the problems created by NAT stand as a testament to this
Most home routers don't NAT for IPv6.
That's because NAT was an ugly hack and IPv6 was designed in part to fix the brokenness that necessitated it.
The NAT added a decent layer of security.
Only as an accident, and not one that should be relied upon in place of real security measures
Ditching that security, as well as making your packets bigger for a wireless device, just seems stupid.
The benefits far outweigh the consequences of a slightly larger packet header, and there is less processing the router needs to do (and less state to hold), so the routing is more efficient. And if the device implements a simple soft firewall (as almost all IPv6 compatible SOHO routers seem to be doing nowadays) you're only better off for using the right tool for the job.
NAT does not provide any additional security for IPv6, given that the address used publicly is generated randomly and changed regularly. Firewalling works the same as before, except the absence of NAT reduces the computational overhead.
5 comments
2 u/glugglug 13 Jul 2015 23:23
I think it's a terrible idea.
With IPv4, it's almost assumed you are behind a NAT, especially for a wireless device. Most home routers don't NAT for IPv6. The NAT added a decent layer of security. Ditching that security, as well as making your packets bigger for a wireless device, just seems stupid. Especially adding intentional delay to that end.
2 u/rm 15 Jul 2015 09:13
And this has caused many problems. ICE / STUN, TURN, UPnP-IGD, NAT-T, and the whole swath of fixes to the problems created by NAT stand as a testament to this
That's because NAT was an ugly hack and IPv6 was designed in part to fix the brokenness that necessitated it.
Only as an accident, and not one that should be relied upon in place of real security measures
The benefits far outweigh the consequences of a slightly larger packet header, and there is less processing the router needs to do (and less state to hold), so the routing is more efficient. And if the device implements a simple soft firewall (as almost all IPv6 compatible SOHO routers seem to be doing nowadays) you're only better off for using the right tool for the job.
0 u/rdnetto 15 Jul 2015 16:51
NAT does not provide any additional security for IPv6, given that the address used publicly is generated randomly and changed regularly. Firewalling works the same as before, except the absence of NAT reduces the computational overhead.
0 u/trillneato 13 Jul 2015 22:08
It's a heavy handed compromise, but probably for the better when you consider the appstore as a whole, so kudos I guess?