In message , "Ricky Beam" writes:
> On Mon, 09 Feb 2009 21:11:50 -0500, TJ wrote:
> > Your routers fail frequently? And does your traffic continue to get
> > forwarded? Perhaps through another router?
>
> More frequently than the DHCP server, but neither are "frequent" events.
> Cisco's sof
On Feb 10, 2009, at 4:30 PM, TJ wrote:
But that is my point - Do any of the compliance frameworks / requirements /
audit standards today address IPv6, or detail how it could be implemented in
such a fashion as to 'pass' an audit (including the "in-house" /
consultant-specific audit guidelin
On 11/02/2009, at 10:41 AM, Ricky Beam wrote:
It's useless. It does NOT provide enough information alone for a
host to function. In your own words, you need a DNS server. That
is NOT provided by RA thus requires yet another system to get that
bit of configuration to the host -- either en
On 10/02/2009, at 3:20 PM, Christopher Morrow wrote:
IPv6 it's easier, but you're still limiting the uptime of your system to
that of the DHCPv6 server. Router advertisements is much more robust.
'more robust'... except it doesn't actually get a device into a usable
state without admins wal
>> Your routers fail frequently? And does your traffic continue to get
>> forwarded? Perhaps through another router?
>
>More frequently than the DHCP server, but neither are "frequent" events.
>Cisco's software is not 100% perfect, and when you plug it into moderately
>unstable things like phone
On Mon, 09 Feb 2009 21:11:50 -0500, TJ wrote:
Your routers fail frequently? And does your traffic continue to get
forwarded? Perhaps through another router?
More frequently than the DHCP server, but neither are "frequent" events.
Cisco's software is not 100% perfect, and when you plug it
>> Current versions of the rest (HIPAA, GLBA, SOX, FIPS, etc.) simply
>> tend to omit IPv6 completely, and generally require everything not
>> explicitly called out to be disabled ... thus, no IPv6 on any network
>> that falls under any of these regulations.
>
>TJ - You attempted to say that for PC
On Feb 10, 2009, at 8:52 AM, TJ wrote:
Current versions of the rest (HIPAA, GLBA, SOX, FIPS, etc.) simply tend to
omit IPv6 completely, and generally require everything not explicitly called
out to be disabled ... thus, no IPv6 on any network that falls under any of
these regulations.
T
>Considering that RFC1918 says nothing about IPv at all,
That may technically be true, but it does explicitly reference IPv4
addresses.
Oh, and when RFC1918 (or more correctly, RFC1597) was written, "IP",
"TCP/IP", etc. all directly meant IPv4.
(RFC1597 @ 03/94 ... RFC1883 @ 12/95)
>However the PCI DSS does contain a "Compensating controls" section, which
>allows for the use of functionality which "provide[s] a similar level of
>defense" to the stated requirements, where the stated requirements can not
>be followed due to "legitimate technical or documented business constrain
>> >> > The SOX auditor ought to know better. Any auditor that
>> >> > requires NAT is incompetent.
>> >>
>> >> Sadly, there are many audit REQUIREMENTS explicitly naming NAT and
>> >> RFC1918 addressing ...
>> >
>> >SOX auditors are incompetent. I've been asked about anti-virus
>> >software on UN
Just for the record, the original post was in reference to use of
non-RFC1918 space on an *air-gapped* network.
--Trey
>> Let's face it - they're going to have to come up with much more creative
>> $200/hour chucklehead consultants to burn through that much anytime soon.
>> Anybody feel like sta
>> IPTables is decent firewall code.
>
>Not really. It's quite complicated for a non-engineer type to manage.
>Think of all the unpatched windows xp/vista users of the world.
>
>> It's free.
>...
>> Further, since more and more CPE is being built on embedded linux,
>> there's no reason that IPTabl
On Tue, 10 Feb 2009 18:03:40 +1100, Matthew Palmer said:
> Considering that RFC1918 says nothing about IPv at all, could that be a
> blocker for deployment in general? That'd also make for an interesting
> discussion re: other legacy protocols (IPX, anyone?)...
I was all set to call shenanigans o
On Mon, 9 Feb 2009, Ricky Beam wrote:
On Sat, 07 Feb 2009 14:31:57 -0500, Stephen Sprunk
wrote:
Non-NAT firewalls do have some appeal, because they don't need to mangle
the packets, just passively observe them and open pinholes when
appropriate.
This is exactly the same with NAT and non-NA
On Mon, Feb 09, 2009 at 09:27:59PM -0500, TJ wrote:
> >> > The SOX auditor ought to know better. Any auditor that
> >> > requires NAT is incompetent.
> >>
> >> Sadly, there are many audit REQUIREMENTS explicitly naming NAT and
> >> RFC1918 addressing ...
> >
> >SOX auditors are incompetent. I've
On Mon, Feb 9, 2009 at 9:54 PM, John Osmon wrote:
> It isn't SOX, but sadly enough, PCI DSS Requirement 1.5 says:
> Implement IP address masquerading to prevent internal addresses from
> being translated and revealed on the Internet. Use technologies that
> implement RFC 1918 address space,
security by obscurity is not the way, everyone knows it.
those guys will figure it out sooner or later (where later, might take ages).
in the meanwhile, a lot have pseudo-secured networks thru triple-nat,
quadruple-nat, multiple ipsec'd layered and so, and others live with the hammer
in their s
On Tue, Feb 10, 2009 at 02:16:10PM +1100, Mark Andrews wrote:
>
> In message <00df01c98b27$3181b7e0$948527...@com>, "TJ" writes:
[...SOX auditor stuff...]
> > When the compliance explicitly requires something they are required to check
> > for it, they don't have the option of ignoring or waving r
On Mon, Feb 9, 2009 at 9:47 PM, TJ wrote:
>>Why would anyone NOT want that?? what replaces that option in current RA
>>deployments?
>
> One nit - I like to differentiate between the presence of RAs (which should
> be every user where IPv6 is present) and the use of SLAAC (RA + prefix).
>
Sure, bu
Mark Andrews wrote:
Please cite references.
I can find plenty of firewall required references but I'm
yet to find a NAT and/or RFC 1918 required.
(Skip if you've participated in a SOX audit from the IT department POV)
The way it works is that the law doesn't call for s
>> When the compliance explicitly requires something they are required to
>> check for it, they don't have the option of ignoring or waving
>requirements ...
>> and off the top of my head I don't recall if it is SOX that calls for
>> RFC1918 explicitly but I know there are some that do.
>
>I believ
In message <00df01c98b27$3181b7e0$948527...@com>, "TJ" writes:
> >> > The SOX auditor ought to know better. Any auditor that
> >> > requires NAT is incompetent.
> >>
> >> Sadly, there are many audit REQUIREMENTS explicitly naming NAT and
> >> RFC1918 addressing ...
> >
> >SOX auditors are incom
@nanog.org
Subject: Re: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP
space
DSL and cable modems are extremely simple devices. I'm amazed they have
any amount of "router" in them at all. And I've yet to see one running
Linux. (the 2 popular brands around here
>Why would anyone NOT want that?? what replaces that option in current RA
>deployments?
One nit - I like to differentiate between the presence of RAs (which should
be every user where IPv6 is present) and the use of SLAAC (RA + prefix).
Right now - Cheat off of IPv4's config.
(Lack of DHCPv6 cli
TJ wrote:
When the compliance explicitly requires something they are required to check
for it, they don't have the option of ignoring or waving requirements ...
and off the top of my head I don't recall if it is SOX that calls for
RFC1918 explicitly but I know there are some that do.
I believe
>> >The SOX auditor ought to know better. Any auditor that
>> >requires NAT is incompetent.
>>
>> Sadly, there are many audit REQUIREMENTS explicitly naming NAT and
>> RFC1918 addressing ...
>
>SOX auditors are incompetent. I've been asked about anti-virus software on
>UNIX servers and the
John Peach wrote:
>
> On Mon, 9 Feb 2009 21:16:49 -0500
> "TJ" wrote:
>
>>> The SOX auditor ought to know better. Any auditor that
>>> requires NAT is incompetent.
>> Sadly, there are many audit REQUIREMENTS explicitly naming NAT and
>> RFC1918 addressing ...
>
> SOX auditors are inco
On Mon, Feb 9, 2009 at 6:16 PM, Ricky Beam wrote:
> On Fri, 06 Feb 2009 09:39:01 -0500, Iljitsch van Beijnum
> wrote:
>>>
>>> If you want the machine to always have the same address, either enter it
>>> manually or set your DHCP server to always give it the same address.
>>
>> Manual configuratio
On Mon, 9 Feb 2009 21:16:49 -0500
"TJ" wrote:
> > The SOX auditor ought to know better. Any auditor that
> > requires NAT is incompetent.
>
> Sadly, there are many audit REQUIREMENTS explicitly naming NAT and
> RFC1918 addressing ...
SOX auditors are incompetent. I've been asked abo
In message <00cf01c98b24$efe42680$cfac73...@com>, "TJ" writes:
> Also, it is not true in every case that hosts need a "lot more" than an
> address.
> In many cases all my machine needs is an address, default gateway and DNS
> server (cheat off of v4 | RFC5006 | Stateless DHCPv6).
address
> The SOX auditor ought to know better. Any auditor that
> requires NAT is incompetent.
Sadly, there are many audit REQUIREMENTS explicitly naming NAT and RFC1918
addressing ...
>As I read it, you don't want to use DHCP because "it's an other service to
>fail." Well, what do you think is broadcasting RA's? My DHCP servers have
>proven far more stable than my routers. (and one of them is a windows server
>:-)) Most dhcp clients that keep any state will continue using the
Mark Newton wrote:
On a commodity consumer CPE device, the ALG code doubles as a
stateful inspection engine.
So it _is_ required when address translations are not being performed.
H, the code may be there, but I suspect that not all of it will
apply to v6 and be used.
Is security some
On 10/02/2009, at 11:03 AM, Jack Bates wrote:
There is if you have a dual-stack device, your L4-and-above protocols
are the same under v4 and v6, and you don't want to reinvent the
ALG wheel.
ALG only fixes some problems, and it's not required for as much when
address translations are not
Mark Newton wrote:
Fine, you don't like rewriting L3 addresses and L4 port numbers. Yep,
I get that. Relevance?
Just out of what I like and might use, GRE (no port), ESP (no port), AH
(no port), SCTP (would probably work fine with NAT, but I haven't seen
it supported yet and because every bo
In message <4990c38c.8060...@eeph.com>, Matthew Kaufman writes:
> Owen DeLong wrote:
> > In terms of implementing the code, sure, the result is about the same,
> > but, the key point here is that there really isn't a benefit to having that
> > packet mangling code in IPv6.
>
> Unless your SOX aud
Owen DeLong wrote:
In terms of implementing the code, sure, the result is about the same,
but, the key point here is that there really isn't a benefit to having that
packet mangling code in IPv6.
Unless your SOX auditor requires it in order to give you a non-qualified
audit of your infrastruct
On 10/02/2009, at 10:17 AM, Owen DeLong wrote:
Sure, but at the end of the day a non-NAT firewall is just a special case
of NAT firewall where the "inside" and "outside" addresses happen to
be the same.
Uh, that's a pretty twisted view. I would say that NAT is a special
additional capabil
On Feb 9, 2009, at 3:33 PM, Mark Newton wrote:
On 10/02/2009, at 9:54 AM, Stephen Sprunk wrote:
Yes, an ALG needs to understand the packet format to open pinholes
-- but with NAT, it also needs to mangle the packets. A non-NAT
firewall just examines the packets and then passes them on u
On 10/02/2009, at 9:54 AM, Stephen Sprunk wrote:
Yes, an ALG needs to understand the packet format to open pinholes
-- but with NAT, it also needs to mangle the packets. A non-NAT
firewall just examines the packets and then passes them on unmangled.
Sure, but at the end of the day a non-
Ricky Beam wrote:
On Sat, 07 Feb 2009 14:31:57 -0500, Stephen Sprunk
wrote:
Non-NAT firewalls do have some appeal, because they don't need to
mangle the packets, just passively observe them and open pinholes
when appropriate.
This is exactly the same with NAT and non-NAT -- making any anti-N
Nathan Ward wrote:
On 10/02/2009, at 11:35 AM, Scott Howard wrote:
Go and ask those people who "feel statics are a given for IPv6" if they
would prefer static or dynamic IPv4 addresses, and I suspect most/all of
them will want the static there too. Now ask your average user the same
question a
On Fri, 06 Feb 2009 09:39:01 -0500, Iljitsch van Beijnum
wrote:
If you want the machine to always have the same address, either enter
it manually or set your DHCP server to always give it the same address.
Manual configuration doesn't scale. With IPv4, it's quite hard to make
this work wit
On Feb 9, 2009, at 2:11 PM, Ricky Beam wrote:
On Sat, 07 Feb 2009 14:31:57 -0500, Stephen Sprunk
wrote:
Non-NAT firewalls do have some appeal, because they don't need to mangle
the packets, just passively observe them and open pinholes when
appropriate.
This is exactly the same with NAT
On 10/02/2009, at 11:35 AM, Scott Howard wrote:
Go and ask those people who "feel statics are a given for IPv6" if they
would prefer static or dynamic IPv4 addresses, and I suspect most/all of
them will want the static there too. Now ask your average user the same
question and see if you
On Sat, Feb 7, 2009 at 5:56 PM, Matthew Moyle-Croft
wrote:
> My issue is that customers have indicated that they feel statics are a
> given for IPv6 and this would be a problem if I went from tens of thousands
> of statics to hundreds of thousands of static routes (ie. from a minority to
> all).
Ricky Beam wrote:
On Sat, 07 Feb 2009 14:31:57 -0500, Stephen Sprunk
wrote:
Non-NAT firewalls do have some appeal, because they don't need to mangle
the packets, just passively observe them and open pinholes when
appropriate.
This is exactly the same with NAT and non-NAT -- making any anti-NA
On Sat, 07 Feb 2009 14:31:57 -0500, Stephen Sprunk
wrote:
Non-NAT firewalls do have some appeal, because they don't need to mangle
the packets, just passively observe them and open pinholes when
appropriate.
This is exactly the same with NAT and non-NAT -- making any anti-NAT
arguments null
On Fri, 06 Feb 2009 22:32:10 -0500, Owen DeLong wrote:
IPTables is decent firewall code.
Not really. It's quite complicated for a non-engineer type to manage.
Think of all the unpatched windows xp/vista users of the world.
It's free.
...
Further, since more and more CPE is being built
On Mon, 9 Feb 2009, Andy Davidson wrote:
On Thu, Feb 05, 2009 at 07:19:37PM -0500, Robert D. Scott wrote:
Wii should not even consider developing " a cool new protocol for the Wii"
that is not NAT compliant via V4 or V6. And if they do, we should elect a
NANOG regular to go "POSTAL" and hand
On Thu, Feb 05, 2009 at 07:19:37PM -0500, Robert D. Scott wrote:
> Wii should not even consider developing " a cool new protocol for the Wii"
> that is not NAT compliant via V4 or V6. And if they do, we should elect a
> NANOG regular to go "POSTAL" and handle the problem. The solution to many of
>
On Sun, Feb 8, 2009 at 11:42 PM, Joel Jaeggli wrote:
> FD00::/8
>
> ula-l rfc 4139
s/4139/4193/
--
Thanks; Bill
Note that this isn't my regular email account - It's still experimental so far.
And Google probably logs and indexes everything you send it.
Skeeve Stevens wrote:
> Owned by an ISP? It isn't much different than it is now.
>
> As long as you are multi-homed you can get a small allocation (/48),
> APNIC and ARIN have procedures for this.
>
> Yes, you have to pay for it, but the addresses will be yours, unlike
> the RFC1918 ranges which
valdis.kletni...@vt.edu wrote:
> On Tue, 03 Feb 2009 11:25:40 +0900, Randy Bush said:
>>> Not quite..
>>> 2^96 = 79228162514264337593543950336
>>> 2^128-2^32 = 340282366920938463463374607427473244160
>> not quite. let's posit 42 devices on the average lan segment
>> (ymmv).
>>
>> 42*(2^
Bill Stewart wrote:
That's not because it's doing dynamic address assignment - it's
because you're only advertising the aggregate route from the
BRAS/DSLAM/etc., and you can just as well do the same thing if you're
using static addresses.
Customers can land on one of a fleet of large BRAS ac
On Fri, Feb 6, 2009 at 7:12 PM, Matthew Moyle-Croft
wrote:
> Jack Bates wrote:
> > Dynamic or static; how does this alter the state of the routing table?...
> Dynamic assigned addresses mean that the BRAS the customer terminates on can
> hand out a range out of a pool assigned to it. This means
Matthew Moyle-Croft wrote:
Stephen Sprunk wrote:
You must be very sheltered. Most end users, even "security" folks at
major corporations, think a NAT box is a firewall and disabling NAT
is inherently less secure. Part of that is factual: NAT (er, dynamic
PAT) devices are inherently fail-clos
>as I've said a few times now, reason #775 that autoconf is a broken and
>non-useful 'gadget' for network operators. There is a system today that does
>lots of client-conf (including the simple default-route +
>dns-server) called DHCP, there MUST be a similarly featured system in the
>'new world o
>Five things? Really? My DHCP server hands out the following things to its
>clients:
>
>Default Route
>DNS Servers
>Log host
>Domain Name (or, our case, the sub-domain for the office)
>NIS Domain
>NIS Servers
>NTP Server
>WINS Servers
>SMTP Server
>POP Server
>NNTP Server
>Domain suffix search orders.
On Feb 7, 2009, at 2:09 AM, Nathan Ward wrote:
On 6/02/2009, at 12:00 PM, Joe Maimon wrote:
This assignment policy is NOT enough for every particle of sand on
earth, which is what I thought we were getting.
There is enough for 3616 /64s, or 14 /56s per square centimetre of
the earth's surf
On 6/02/2009, at 1:01 PM, David W. Hankins wrote:
On Thu, Feb 05, 2009 at 05:12:19PM -0600, Jack Bates wrote:
Operationally, this has been met from my experience. In fact, all of these
items are handled with stateless DHCPv6 in coordination with SLAAC.
Stateful DHCPv6 seems to be limited wit
On 6/02/2009, at 12:00 PM, Joe Maimon wrote:
This assignment policy is NOT enough for every particle of sand on
earth, which is what I thought we were getting.
There is enough for 3616 /64s, or 14 /56s per square centimetre of the
earth's surface, modulo whatever we have set aside for multi
Tell ya what Owen,
When you can show me residential grade CPE which has a DECENT stateful
firewall then PLEASE let me know.
Needs to do other things well, not crash, not cost hundreds of
dollars, supportable, does VOIP, WIFI etc are manufacturer supported
etc. Of course, it needs to do I
On Feb 6, 2009, at 7:06 PM, Matthew Moyle-Croft wrote:
Stephen Sprunk wrote:
You must be very sheltered. Most end users, even "security" folks
at major corporations, think a NAT box is a firewall and disabling
NAT is inherently less secure. Part of that is factual: NAT (er,
dynamic
Jack Bates wrote:
Dynamic or static; how does this alter the state of the routing table?
A network assigned is a network assigned. In addition, IPv6 has some
decent support for mobile IP, which my limited understanding of says
they enjoy routing tables the rest of us never get to see.
Dynam
Stephen Sprunk wrote:
You must be very sheltered. Most end users, even "security" folks at
major corporations, think a NAT box is a firewall and disabling NAT is
inherently less secure. Part of that is factual: NAT (er, dynamic
PAT) devices are inherently fail-closed because of their desi
Joe Abley wrote:
On 4-Feb-2009, at 16:16, Patrick W. Gilmore wrote:
I guess I was thinking about v4 modems which do not get a subnet,
just an IP address. If we really are handing out a /64 to each DSL &
Cable modem, then we may very well be recreating the same problem.
All the advice I have
Roger Marquis wrote:
Seth Mattinen wrote:
Far too many people see NAT as synonymous with a firewall so they
think if you take away their NAT you're taking away the security of a
firewall.
NAT provides some security, often enough to make a firewall
unnecessary. It all depends on what's inside
Randy Bush wrote:
>> Wii should not even consider developing " a cool new protocol for the Wii"
>> that is not NAT compliant via V4 or V6.
>
> what is "nat compliant?"
RFC 3235 discusses how to make your application work in the Internet
reality that exists today, with NAT boxes everywhere. The do
I think this part of the thread is in danger of leaving the realm of
operational relevance, so I will treat these as my closing arguments.
On Fri, Feb 06, 2009 at 03:48:53PM +0100, Iljitsch van Beijnum wrote:
> It makes more sense to look at it like this. In the 1990s we had:
No, I think that "sh
On Fri, Feb 6, 2009 at 10:22 AM, Jamie Bowden wrote:
> Five things? Really? My DHCP server hands out the following things to
> its clients:
as I've said a few times now, reason #775 that autoconf is a broken
and non-useful 'gadget' for network operators. There is a system today
that does lots o
ty thousand users on seven continents with far more than a 1:1
end user to host ratio.
Jamie
-Original Message-
From: Iljitsch van Beijnum [mailto:iljit...@muada.com]
Sent: Thursday, February 05, 2009 5:42 PM
To: Ricky Beam
Cc: NANOG list
Subject: Re: v6 & DSL / Cable modems [was: Priva
This is straying from operational to protocol design and implementation,
but as someone who has done a fair bit of both design and implementation...
Iljitsch van Beijnum wrote:
The problem is that DHCP seemed like a good idea at the time but it
doesn't make any sense today. We know that parsing
On 6 feb 2009, at 0:55, David W. Hankins wrote:
Exhibit A: With IPv6 Address Autoconfiguration (tm) (patent pending), you
don't need DHCP. *face plant* The IPv4 mistake you've NOT learned from
here is "rarp". DHCP does far more than tell a host what address it should
use.
Actually it g
On 6 feb 2009, at 1:15, Ricky Beam wrote:
I see IPv6 address space being carved out in huge chunks for reasons
that equate to little more than because the total space is
"inexhaustable". This is the exact same type of mis-management that
plagues us from IPv4's early allocations.
Think of
On Thu, 5 Feb 2009, Paul Timmins wrote:
> John Schnizlein wrote:
> >
> > Maybe upgrades, service packs and updates will make them capable of using
> > DHCPv6 for useful functions such as finding the address of an available name
> > server by the time IPv6-only networks are in operation.
>
> And if
Matthew Moyle-Croft wrote:
My comment was regarding customers believing that they were going to, by
default, get a statically allocated range, whatever the length.
If most customers get dynamically assigned (via PD or other means) then
the issue is not a major one.
Dynamic or static; how
My comment was regarding customers believing that they were going to,
by default, get a statically allocated range, whatever the length.
If most customers get dynamically assigned (via PD or other means)
then the issue is not a major one.
MMC
On 06/02/2009, at 8:56 PM, Paul Jakma wrote:
On Thu, 5 Feb 2009, Matthew Moyle-Croft wrote:
DHCP(v6). Setting the idea in people's heads that a /64 IS going
to be their own statically is insane and will blow out provider's
own routing tables more than is rational.
Routing table size will be a function of the number of customers -
*not
"David W. Hankins" writes:
> On Thu, Feb 05, 2009 at 11:42:27PM +0100, Iljitsch van Beijnum wrote:
>> On 5 feb 2009, at 22:44, Ricky Beam wrote:
>>> I've lived quite productively behind a single IPv4 address for nearly 15
>>> years.
>>
>> So you were already doing NAT in 1994? Then you were ahead
In message <498bddac.7060...@eeph.com>, Matthew Kaufman writes:
> Mark Andrews wrote:
> > WII's should be able to be directly connected to the network
> > without any firewall. If they can't be then they are broken.
>
> As I'm sure you know, you can tell the difference between an Interne
Mark Andrews wrote:
WII's should be able to be directly connected to the network
without any firewall. If they can't be then they are broken.
As I'm sure you know, you can tell the difference between an Internet
evangelist and someone who mans the support lines by how they fee
Randy Bush wrote:
Wii should not even consider developing " a cool new protocol for the Wii"
that is not NAT compliant via V4 or V6.
what is "nat compliant?"
Quite unfortunately, that has come to mean something. Specifically, TCP
or UDP (and no other IP protocol numbers) and application pro
> Wii should not even consider developing " a cool new protocol for the Wii"
> that is not NAT compliant via V4 or V6.
what is "nat compliant?"
randy
On Thu, 5 Feb 2009, Ricky Beam wrote:
telling me I need 18 billion, billion addresses to cover 2 laptops, a Wii, 3
tivos, a router, and an access point?
You have more computing power in your house than the Fortune 500 did 40
years ago to manage their entire billing, payroll etc.
They had tho
>So it fails in scenarios where enforcing network policy is important.
If the policy is address specific, perhaps.
If the policy is segment specific, no prob.
/TJ
PS - for emphasis, I am not arguing strictly for or against either SLAAC or
DHCPv6.
Both can work, and IMHO should be allowed to do
George William Herbert wrote:
Perhaps there are better ways to do all of this from the start.
But IPv6 is not helping any of the ways we have evolved to deal
with it.
IPv6 does just fine with dynamic addressing and with static addressing.
I'm not sure what your problem is. An ISP can still
On Thu, Feb 05, 2009 at 04:30:12PM -0800, Joe Abley wrote:
> The particular example I've been working with is with a JUNOSe server and
> an IOS client which, as a solution for business DSL service, seems
> deployable.
Yes! Sorry, I just try to emit a little more skepticism about
pervasive clien
Leo writes:
>Customers don't want static addresses.
>
>They want DNS that works, with their own domain names, forward and
>reverse.
>
>They want renumbering events to be infrequent, and announced in
>advance.
>
>They want the box the cable/dsl/fios provider to actually work,
>that is be able to do
On Fri, Feb 06, 2009 at 11:36:25AM +1100, Mark Andrews wrote:
[...]
> WII's should be able to be directly connected to the network
> without any firewall. If they can't be then they are broken.
Amen brother Mark! Can I get a hallelujah from the chorus?
(Meanwhile, I'll continue to l
This is falling outside of the IPv6/RFC-1918 discussion, so
I'll only answer questions with questions... If there's need for
a real discussion, I'll let someone change the subject, and continue
on...
On Fri, Feb 06, 2009 at 01:11:13AM +0100, Sven-Haegar Koch wrote:
[...]
> > The flip side shows u
In message , Sven-Haegar Koch writes:
> If the end-users really get public addresses for their WII and game-PCs,
> do you really think they won't just open the box totally in their
> firewall/router and catch/create even more problems?
You mean they don't already list as the DMZ addres
On 5-Feb-2009, at 16:14, David W. Hankins wrote:
The truth is it is actually not very likely that you can build an
IPv6 network today using DHCPv6, unless you have large populations
of those systems.
The particular example I've been working with is with a JUNOSe server
and an IOS client whi
On Feb 5, 2009, at 11:06 AM, Joe Abley wrote:
On 5-Feb-2009, at 06:34, Christopher Morrow wrote:
to be fair, there are 3 options for multihoming today in v6 (three
sanctioned by the IETF, not ordered in any order, not including
discussion about goodness/badness/oh-god-no-ness of these)
1) mu
321-663-0421 Cell
-Original Message-
From: Sven-Haegar Koch [mailto:hae...@sdinet.de]
Sent: Thursday, February 05, 2009 7:11 PM
To: John Osmon
Cc: NANOG list
Subject: Re: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP
space (IPv6-MW)]
On Thu, 5 Feb 2009, John Osmon wrote:
&
On Thu, 05 Feb 2009 17:42:27 -0500, Iljitsch van Beijnum
wrote:
I've lived quite productively behind a single IPv4 address for nearly
15 years.
So you were already doing NAT in 1994? Then you were ahead of the curve.
"NAT" didn't exist in '94. But, Yes. And, Yes. I had several computers
On Thu, Feb 05, 2009 at 06:15:02PM -0500, Ricky Beam wrote:
>> You might like to review the DHCPv6 specification and try some of its
>> implementations.
Joe is being a little overzealous. Unfortunately, there are very
few DHCPv6 clients in the wild today. I think this has grown slightly
since t
On Thu, 5 Feb 2009, John Osmon wrote:
> On Thu, Feb 05, 2009 at 04:44:58PM -0500, Ricky Beam wrote:
> > [...] I've lived quite productively behind a single IPv4 address for
> > nearly 15 years. I've run 1000 user networks that only used one IPv4
> > address for all of them. I have 2 private
On Thu, Feb 05, 2009 at 05:12:19PM -0600, Jack Bates wrote:
> Operationally, this has been met from my experience. In fact, all of these
> items are handled with stateless DHCPv6 in coordination with SLAAC.
> Stateful DHCPv6 seems to be limited with some vendors, but unless they plan
> to do pro