Re: Temporary IPv6 addresses vs. netgroups

[Lloyd Parkes <lloyd%must-have-coffee.gen.nz@localhost>]

On 8/02/2013, at 11:58 AM, David Laight <david%l8s.co.uk@localhost> wrote:

> On Fri, Feb 08, 2013 at 05:31:57AM +0700, Robert Elz wrote:
>>    Date:        Thu, 7 Feb 2013 20:44:24 +0000
>>    From:        David Laight <david%l8s.co.uk@localhost>
>>    Message-ID:  <20130207204423.GG28257%snowdrop.l8s.co.uk@localhost>
>> 
>>  | I thought that some web servers do IP address checking.
>> 
>> For the kind of address changing that is being discussed here, they cannot
>> really now (one special case excepted) - NAT pretty much guarantees that
>> the local part of most users' addresses are unpredictable, and not stable
>> over time (that is kind of what v6 temporary addresses seek to replicate).
> 
> Eh? NAT tends to fix the source address, it is DHCP that will randomise it.

"tends to" is the operative phrase there. Carrier NAT normally maps a large 
collection of source addresses onto a smaller collection of source address and 
while I'm sure the implementations of Carrier NAT will try and keep the source 
addresses stable, I'm also sure that there are ISPs out there that don't give a 
damn.

I saw IPv4 source addresses change rapidly twice while working for Inland 
Revenue. Because it was so rare I was able to track down the exact cause both 
times and in both cases it was reasonable for me to tell the customer (outside 
Inland Revenue) to "stop doing that". That may be the general answer to the 
volatile IPv4 address side of this discussion.

Cheers,
Lloyd