This is a strange feeling after growing up with 1 routable IP address to somehow share across a whole network and having hundreds of NAT port forwards. It really should make life much easier.

But… there are a few implications. Previously in many situations we have been able to rely on NAT as a reasonably effective firewall. NAT is excellent at that. Customer ADSL/Cable routers will need to now have firewalls which many don’t… and if they do have firewalls it is almost certain they wont be managed properly.

So IPv6 end to end connectivity is all very well; but now instead of managing port forwarding there is going to need to be managing of firewalls instead. By default I am sure they will be managed by UPNP; so basically may as well not be running a firewall unless UPNP gets some security added.

Lastly, I realised IPv6 means you can no longer use the excuse of decreasing the size of broadcast domains when subnetting or using VLANs… It now will be reducing the multicast domains seeing IPv6 now uses multicast to replace the broadcast functions. I’m pretty sure most usually VLANs are more about security anyway than broadcast domains.