tech-net archive


Re: Temporary IPv6 addresses vs. netgroups



    Date:        Thu, 7 Feb 2013 22:58:45 +0000
    From:        David Laight <david%l8s.co.uk@localhost>
    Message-ID:  <20130207225845.GH28257%snowdrop.l8s.co.uk@localhost>

  | Eh? NAT tends to fix the source address, it is DHCP that will randomise it.


No, other than as used by (some) ISPs, DHCP tends to produce very stable
source addresses - you may not be able to predict what you'll get before
you have been served the first time, but after that you can normally expect
to get the same thing every time (some cheap servers have no stable storage,
so things get unpredictable again after power outages, but aside from that
even the el-cheapo dhcp servers in consumer grade adsl routers produce
stable addresses).

For the NAT part you're looking at this from the wrong end, we aren't
concerned with what it looks like at the source host, or even as the
data departs the local site (post-NAT) - but what it looks like to the
server.

What matters is that the server cannot track the source address to a
particular client (as NAT will have reused the same address for many
different clients).   The lack of any useful purpose in attempting
this means that the web server people don't bother (they invented
cookies instead).

The aim for temporary addresses for v6 was to achieve the same result
without NAT - since we're not going to get lots of clients mapped into
the same address, the solution is to map each client into lots of
addresses, again making it pointless for the web server to attempt to
track the things.

Note for this effect it is not crucial that every web client use
temporary addresses, but a large proportion need to - so we really
want to make the default be for that to happen.   If some site (or
user's) policy prevents that, that's harmless.

kre


