nanog mailing list archives
Re: Important IPv6 Policy Issue -- Your Input Requested
From: Simon Lyall <simon () darkmere gen nz>
Date: Wed, 10 Nov 2004 09:55:39 +1300 (NZDT)
On Wed, 10 Nov 2004, Jerry Eyers wrote:
I have devices that have no need, never will have a need, to ever talk outside of the internal networks, nor do I want some brain dead user to drop some stupid little device on the network and tada, route access to some of my inside network simply because the addresses are valid. I want my inside addresses to be non accessible from the 'real world', ever. If IPv6 can't offer me the luxury (even if it is not valid or justified) then I see no reason to change from IPv4 to IPv6 in the core. Just do it on the periphery. It is VERY expensive to a corporation to accomplish a renumber, and if there is no benefit, then.....
Depending on putting devices on 1918 for security is dangerious. All it takes is one little misconfigured router (or less than strict filters) and any of your peer's customers can start talking to your backend database servers. Assuming that just because they are 1918 address they are not remotely visable is a dangerous simplification. eg I just hopped though 3 providers (using default routes) to ping a well known [1] 192.168.x.x address. [1] - In NZ. -- Simon J. Lyall. | Very Busy | Mail: simon () darkmere gen nz "To stay awake all night adds a day to your life" - Stilgar | eMT.
Current thread:
- RE: Important IPv6 Policy Issue -- Your Input Requested, (continued)
- RE: Important IPv6 Policy Issue -- Your Input Requested Paul Gilbert (Nov 08)
- Re: Important IPv6 Policy Issue -- Your Input Requested Iljitsch van Beijnum (Nov 08)
- Re: Important IPv6 Policy Issue -- Your Input Requested Leo Bicknell (Nov 08)
- Re: Important IPv6 Policy Issue -- Your Input Requested Iljitsch van Beijnum (Nov 09)
- Re: Important IPv6 Policy Issue -- Your Input Requested Adrian Chadd (Nov 09)
- Re: Important IPv6 Policy Issue -- Your Input Requested Leo Bicknell (Nov 09)
- Re: Important IPv6 Policy Issue -- Your Input Requested Michael . Dillon (Nov 09)
- Re: Important IPv6 Policy Issue -- Your Input Requested Jerry Eyers (Nov 09)
- Re: Important IPv6 Policy Issue -- Your Input Requested Randy Bush (Nov 09)
- Re: Important IPv6 Policy Issue -- Your Input Requested vijay gill (Nov 09)
- Re: Important IPv6 Policy Issue -- Your Input Requested Simon Lyall (Nov 09)
- Re: Important IPv6 Policy Issue -- Your Input Requested Iljitsch van Beijnum (Nov 09)
- Re: Important IPv6 Policy Issue -- Your Input Requested Leo Bicknell (Nov 08)
- Re: Important IPv6 Policy Issue -- Your Input Requested Christopher L. Morrow (Nov 10)
- Re: Important IPv6 Policy Issue -- Your Input Requested Daniel Roesen (Nov 08)
- Re: Important IPv6 Policy Issue -- Your Input Requested James (Nov 08)
- Re: Important IPv6 Policy Issue -- Your Input Requested Jeroen Massar (Nov 09)
- Re: Important IPv6 Policy Issue -- Your Input Requested Hank Nussbacher (Nov 09)
- Re: Important IPv6 Policy Issue -- Your Input Requested Jeroen Massar (Nov 09)
- Re: Important IPv6 Policy Issue -- Your Input Requested Niels Bakker (Nov 09)