On Apr 18, 2014 10:04 AM, "William Herrin" wrote:
> That's correct: you don't understand. Until you do, just accept: there
> are more than a few folks who want to, intend to and will use NAT for
> IPv6. They will wait until NAT is available in their preferred
> products before making any significa
On Apr 17, 2014 7:52 PM, "Matthew Kaufman" wrote:
>
> While you're at it, the document can explain to admins who have been
burned, often more than once, by the pain of re-numbering internal services
at static addresses how IPv6 without NAT will magically solve this problem.
If you're worried abou
On Apr 17, 2014 3:07 PM, wrote:
>
> On Thu, 17 Apr 2014 14:50:01 -0400, William Herrin said:
>
> > To vendors who would sell me product, I would respectfully suggest
> > that attempts to forcefully educate me as to what I *should want*
> > offers neither a short nor particularly successful path to
Hmmm. Phone accidentally sent email before it was finished.
Indeed. Having been deeply involved leading the technical side of our
transition at my organization for the past three years, I think those who
wait until the IPv6/IPv4 divide is roughly 50/50 or later are going to be
in for a world of hu
On Mar 27, 2014 8:01 PM, "Tim Durack" wrote:
>
> NANOG arguments on IPv6 SMTP spam filtering.
>
> Deutsche Telecom discusses IPv4->IPv6 migration:
>
> https://ripe67.ripe.net/presentations/131-ripe2-2.pdf
>
> Facebook goes public with their IPv4->IPv6 migration:
>
>
http://www.internetsociety.org/
On Mar 26, 2014 6:27 PM, "Luke S. Crawford" wrote:
> My original comment and complaint, though, was in response to the
assertion that DHCPv6 is as robust as DHCPv4. My point is that DHCPv6
does not fill the role that DHCPv4 fills, if you care about tying an IP to
a MAC and you want that connecti
On Mon, Mar 24, 2014 at 12:37 PM, William Herrin wrote:
> What sort of traction are you getting from that argument when you
> speak with enterprise security folks?
>
Actually, I never even had to make the argument in our enterprise. Our
cybersecurity organization already knew that overall NAT re
On Mon, Mar 24, 2014 at 8:25 AM, Joe Greco wrote:
> Bill Herrin wrote:
>
> I say this with the utmost respect, but you must understand the
> > principle of defense in depth in order to make competent security
> > decisions for your organization. Smart people disagree on the details
> > but the pr
On Mon, Mar 24, 2014 at 11:36 AM, Alexander Lopez wrote:
> not to mention the cost in readdressing your entire network when you
> change an upstream provider.
>
> Nat was a fix to a problem of lack of addresses, however, the use of
> private address space 10/8, 192.168/16 has allowed many to enjo
On Mon, Mar 24, 2014 at 6:56 AM, Saku Ytti wrote:
> On (2014-03-24 07:46 -0400), Brandon Ross wrote:
>
Maybe he does not suspect enough clueless people exist to pay that premium?
>
> Starting LIR + company, costs about 4000EUR, this gives you /22 for LIR,
> putting IPv4 address price at <4EUR.
>
On Mon, Mar 24, 2014 at 1:38 AM, Mark Tinka wrote:
> On Sunday, March 23, 2014 09:35:31 PM Denis Fondras wrote:
> > When speaking of IPv6 deployment, I routinely hear about
> > host security. I feel like it should be stated that this
> > is *in no way* an IPv6 issue. May the device be ULA,
> > LL
On Mon, Mar 24, 2014 at 1:51 AM, Mark Tinka wrote:
> On Monday, March 24, 2014 01:37:52 AM Timothy Morizot wrote:
>
> > Yes. As I said, same general sorts of risks for the most
> > part as in IPv4. Details differ, but same general types.
> > My point was that it's m
Unless I misremember, everyone who receives a direct allocation from ARIN
and signs an RSA is automatically a member. It's not clear to me what
"owner of a /24 network" means in that context. (I don't recall if signing
an LRSA in and of itself also makes one a member, since by the time we had
signe
On Mar 23, 2014 8:44 PM, "Michael Thomas" wrote:
> It seems to me that the only thing that really matters in v6 wars for
enterprise is whether their
> content side has a v6 face. Who really cares whether they migrate away
from v4 so long as
> they make their outward facing content (eg web, etc) a
On Mar 23, 2014 8:44 PM, "Mike Hale" wrote:
> "Your attack surface has already expanded whether or not you deploy IPv6."
> Not so. If I don't enable IPv6 on my hosts, the attacker can yammer
> away via IPv6 all day long with no result.
I suppose it depends on the size of your enterprise. But in
On Mar 23, 2014 7:54 PM, "Mike Hale" wrote:
> "unless by few you simply mean a minority"
> Which I do.
Then that's fine. But there are numerous enterprises in that minority and
it includes some pretty large enterprises. My own enterprise organization
has more than 600 sites, 100k employees, and t
On Mar 23, 2014 7:24 PM, "Mike Hale" wrote:
> It's derisive because you completely dismiss a huge security issue
> that, given the state of IPv6 adoption, a great majority of companies
> are facing.
The original assertion was that there are unaddressed security weaknesses
in IPv6 itself preventin
On Mar 23, 2014 6:21 PM, "Paul Ferguson" wrote:
> Says you.
And many others. My comments were actually reiterating what I commonly see
presented today.
> On the other hand, there are beaucoup enterprise networks unwilling to
> consider to moving to v6 until there are management, control,
> admin
On Mar 23, 2014 4:45 PM, "Paul Ferguson" wrote:
> Also, neighbor discovery, for example, can be dangerous (admittedly,
> so can ARP spoofing in IPv4). And aside from the spoofable ability of
> ND, robust DHCPv6 is needed for enterprises for sheer operational
> continuity.
Yes. As I said, same gen
On Mar 23, 2014 4:45 PM, wrote:
> Yo, Tim/Scott. Seems you have not been keeping up.
>
>
http://go6.si/wp-content/uploads/2011/11/DREN-6-Slo-IPv6Summit-2011.pdf
>
> points out several unique problems w/ IPv6 and in deployments
where
> there are ZERO IPv4 equivalents. Fer
On Mar 23, 2014 11:27 AM, "Paul Ferguson" wrote:
> Also, IPv6 introduces some serious security concerns, and until they
> are properly addressed, they will be a serious barrier to even
> considering it.
And that is pure FUD. The sorts of security risks with IPv6 are mostly in
the same sorts of ca
I've been in the process of rolling out IPv6 (again this night) across a
very large, highly conservative, and very bureaucratic enterprise. (Roughly
100K employees. More than 600 distinct site. Yada. Yada.) I've had no
issues whatsoever implementing the IPv6 RA+DHCPv6 model alongside the IPv4
model
On Jun 20, 2013 7:30 PM, "Rubens Kuhl" wrote:
> In this case of registrar compromise, DS record could have been changed
> alongside NS records, so DNSSEC would only have been a early warning,
> because uncoordinated DS change disrupts service. As soon as previous
> timeouts played out, new DS/NS p
On Jun 20, 2013 5:31 PM, "Randy Bush" wrote:
> and dnssec did not save us. is there anything which could have?
Hmmm. DNSSEC wouldn't have prevented an outage. But from everything I've
seen reported, had the zones been signed, validating recursive resolvers
(comcast, google, much of federal gover
On Nov 6, 2012 6:35 AM, "Seth Mos" wrote:
>
> Hi,
>
> Since about a week or so it's become impossible to reach wp.com content
over IPv6.
[snip]
> It looks like tunneled IPv6 users might be in hurt here.
>
> Is anyone else experiencing similar issues?
I've definitely had problems from my home netw
On Sep 16, 2012 6:58 PM, "John R. Levine" wrote:
>>>
>>> IPv6 has its problems, but running out of addresses is not one of them.
>>> For those of us worried about abuse management, the problem is the
>>> opposite, even the current tiny sliver of addresses is so huge that
>>> techniques from IPv4 t
26 matches
Mail list logo
