nanog mailing list archives

Re: Important IPv6 Policy Issue -- Your Input Requested


From: Simon Lyall <simon () darkmere gen nz>
Date: Wed, 10 Nov 2004 09:55:39 +1300 (NZDT)


On Wed, 10 Nov 2004, Jerry Eyers wrote:
> I have devices that have no need, never will have a need, to ever
> talk outside of the internal networks, nor do I want some
> brain dead user to drop some stupid little device on the network
> and tada, route access to some of my inside network simply because
> the addresses are valid.  I want my inside addresses to be
> non accessible from the 'real world', ever.  If IPv6 can't offer me
> the luxury (even if it is not valid or justified) then I see no reason
> to change from IPv4 to IPv6 in the core.  Just do it on the
> periphery.  It is VERY expensive to a corporation to accomplish
> a renumber, and if there is no benefit, then.....

Depending on putting devices on 1918 for security is dangerous. All it
takes is one little misconfigured router (or less than strict filters) and
any of your peer's customers can start talking to your backend database
servers.

Assuming that just because they are 1918 addresses they are not remotely
visible is a dangerous simplification.

e.g. I just hopped through 3 providers (using default routes) to ping a well
known [1] 192.168.x.x address.

[1] - In NZ.

-- 
Simon J. Lyall.  |   Very  Busy   |   Mail: simon () darkmere gen nz
"To stay awake all night adds a day to your life" - Stilgar | eMT.
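
The "less than strict filters" case in the message above can be checked mechanically. The following is an added example, not part of the original post: it computes which parts of RFC 1918 space an ordered filter still permits. The ACL model (first match wins, implicit deny, IPv4 destination prefixes only) and the names `split_on_rule`, `leaked_private_space` and `LAX_ACL` are assumptions made for the illustration.

```python
import ipaddress

# The three private blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def split_on_rule(nets, rule_net):
    """Split nets into (not matched by rule_net, matched by rule_net)."""
    unmatched, matched = [], []
    for net in nets:
        if not net.overlaps(rule_net):
            unmatched.append(net)
        elif net.subnet_of(rule_net):
            matched.append(net)
        else:
            # CIDR blocks never partially overlap, so rule_net lies inside net.
            matched.append(rule_net)
            unmatched.extend(net.address_exclude(rule_net))
    return unmatched, matched

def leaked_private_space(acl):
    """Return the RFC 1918 prefixes that an ordered ACL still permits.

    acl is a list of (action, destination_prefix) pairs, evaluated
    first-match-wins with an implicit deny at the end (assumed model).
    """
    undecided, leaked = list(RFC1918), []
    for action, prefix in acl:
        undecided, matched = split_on_rule(undecided, ipaddress.ip_network(prefix))
        if action == "permit":
            leaked.extend(matched)
    return sorted(ipaddress.collapse_addresses(leaked))

# Constructed sample: the 172.16 and 192.168 denies are narrower than the RFC blocks.
LAX_ACL = [("deny", "10.0.0.0/8"), ("deny", "172.16.0.0/16"),
           ("deny", "192.168.0.0/24"), ("permit", "0.0.0.0/0")]

if __name__ == "__main__":
    for net in leaked_private_space(LAX_ACL):
        print("still reachable:", net)
```

An empty result means every RFC 1918 destination hits a deny before any permit; anything else lists the exact private prefixes the filter lets through.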

