Avoid using IP addresses for identifying remote hosts

In IPv4 networks, some sites and applications attempt to use the remote IP address to identify the client node that is connecting. In general for IPv4, do not use the IP address to identify the remote host. The client address can often be unpredictable, either because the client is using DHCP to obtain its address or because the client is accessing the server from behind a network address translation (NAT) device.

In IPv6, the client address is likely to become even more volatile than it is in IPv4 networks. Using Stateless Address Autoconfiguration, a client's address is dynamically derived from the MAC address of the network adapter used for connectivity. IPv6 also allows clients to pseudo-randomly generate IP addresses, referred to as temporary addresses, which can be used for one or more connections. These temporary addresses can be generated as frequently as the client desires- once a day, once an hour, or even more frequently. In general, the temporary addresses are not placed in the DNS, making it impossible to use DNS to map the IP address to a host name.

Result: The client IP addresses are unpredictable and subject to frequent change. In addition, it is possible, and even likely, that a server is unable to map the client address to a host name. If a mechanism to identify the remote host is required, then a different mechanism (client certificate, password, and so on) should be used to identify the remote host. For example, this approach is used by Enterprise Extender. For IPv6, Enterprise Extender does not support configuring or passing IPv6 addresses. Instead, it uses host names to identify Enterprise Extender nodes.