Importance of firewalling/fire suit

There will be no NAT
(NAT does not provide security, btw)

Absense of NAT will promote p2p applications
Packet filtering at the edge will become very difficult
"Fire suit" instead of firewalling - OS vendors must take a security stance

Extension header chain makes filtering difficult
Need to dig deeper into packet to know the actual protocol being used
DoS possibility if the IPv6 stack implemented without care
(there's no upper limit to number of extension headers specwise)

+---------------+----------------+-----------------+-----------------
|  IPv6 header  | Routing header | Fragment header | fragment of TCP
|               |                |                 |  header + data
| Next Header = |  Next Header = |  Next Header =  |
|    Routing    |    Fragment    |       TCP       |
+---------------+----------------+-----------------+-----------------