Firewall Wizards mailing list archives
Re: IPv6
From: Dave Piscitello <dave () corecom com>
Date: Fri, 07 Jan 2011 09:24:03 -0500
Hi Paul,

Administrative nightmare aside, I agree it's possible and possibly sustainable, perhaps while some governments heed Darren's advice and mandates implementation :-) It certainly seems like the majority of organizations are relying on this to prove true.

Problems will only grow as some networks evolve from "only IPv4" to "v4 and v6, prefer v4" to "v4 and v6, prefer v6" to "only v6" (not in my lifetime or perhaps my children's). And I'm not only talking about routing/reachability here. Some of these problems are currently seen in DNS implementations (stub and resolver handling of responses) and servers (what people include in their zone files and how OSs work, see this thread for a sample http://www.tunnelbroker.net/forums/index.php?topic=747.0).

I am also not convinced that some 11th hour 59th minute "change of heart" won't occur, and someone will convince the community of an alternative course. A surprising number of class A's could be returned to the allocation pool (Interop just returned one). Perhaps we'd do better with Moskowitz's Host ID in the prolonged NAT'd world you envision. I don't know enough about how this works to assert this but Bob would. But I'm not certain that we really need to have statistically publicly unique addresses for every device and RFID-enabled container, either. This could prove to be the lazy path forward.

I say "lazy path forward" because at this point IPv6 is nearly 2 decades old and arguably has less of a foothold than ISDN after the same time span. Almost all of what was considered "innovation" is either enfolded into IPv4 or proven to be less useful than imagined. I suspect a fair number of right-thinking people are asking "is this the best we can do? are we really only doing this because we are running out of addresses?"

I worry that we'll *only* get a bigger address space out of this migration and that is a tragedy.

Sorry if I've rambled...

On 1/6/2011 7:00 PM, Paul Melson wrote:
> On Thursday, January 6, 2011, Dave Piscitello <dave@corecom.
>> If ever the phrase "living on borrowed time" applied to the Internet, it might be now. Many organizations are approaching a time when they may have to accept a weaker security deployment in order to add systems because they won't be able to obtain IPv4 addresses.
>
> Nah, RFC1918 reserved address spaces and NAT ensure ridiculous levels of internal scalability. It's an ugly administrative nightmare, but very much possible. And with the right public-facing services infrastructure, it's possible to obscure tens of thousands of servers behind a single IPv4 address. As an industry, we have yet to plumb the true depths of IP address space management. And until we do, where's the incentive to push for v6 adoption?
>
> PaulM
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards