nanog mailing list archives
Re: Only 5x IPv4 /8 remaining at IANA
From: Owen DeLong <owen () delong com>
Date: Mon, 18 Oct 2010 09:25:22 -0700
On Oct 18, 2010, at 8:47 AM, George Bonser wrote:
> -----Original Message-----
> From: Henning Brauer
> Sent: Monday, October 18, 2010 8:36 AM
> To: nanog () nanog org
> Subject: Re: Only 5x IPv4 /8 remaining at IANA
>
> instead of working on a viable alternative that doesn't suck. Which is certainly possible.
>
> I would say that at this point it is too late to resist v6 deployment but it might be a good time to work on the "next thing" and use v6 as an example of how not to do it next time.
>
> It certainly is going to present some security challenges for some folks, particularly the ones that have been using dynamic nat pools to, in effect, block inbound connections. Firewall vendors are going to see a windfall from v6, I think.
>
> G

Nobody is using dynamic nat pools to block inbound connections. Many people are using dynamic NAT on top of stateful inspection where stateful inspection blocks inbound connections.

The good news is that stateful inspection doesn't go away in IPv6. It works just fine. All that goes away is the header mangling. It's really unfortunate that most people don't understand the distinction. If they did, it would help them to realize that NAT doesn't actually do anything for security, it just helps with address conservation (although it has some limits there, as well).

IPv6 with SI is no less secure than IPv4 with SI+NAT.

If you're worried about address and/or topological obfuscation, then, IPv6 offers you privacy addresses with rotating numbers. However, that's more a privacy issue than a security issue, unless you believe in the idea of security through obscurity which is pretty well proven false.

Owen
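
The distinction drawn in the message above, as an added example that is not part of the original post: a toy border device in which the drop decision comes only from the state table, and NAT is an optional address rewrite layered on top. The `Border` and `Packet` names, the port numbering and the documentation-range addresses are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Border:
    """Hypothetical border device: stateful inspection, with NAT optional."""
    nat_addr: Optional[str] = None               # None models IPv6 with SI only
    state: set = field(default_factory=set)      # expected reply 4-tuples
    nat_map: dict = field(default_factory=dict)  # public port -> inside (addr, port)

    def outbound(self, p: Packet) -> Packet:
        if self.nat_addr:                        # the "header mangling" step
            pub_port = 40000 + len(self.nat_map)
            self.nat_map[pub_port] = (p.src, p.sport)
            p = Packet(self.nat_addr, pub_port, p.dst, p.dport)
        # Stateful inspection: remember what a legitimate reply looks like.
        self.state.add((p.dst, p.dport, p.src, p.sport))
        return p

    def inbound(self, p: Packet) -> Optional[Packet]:
        # The security decision: no matching flow means drop, NAT or not.
        if (p.src, p.sport, p.dst, p.dport) not in self.state:
            return None
        if self.nat_addr:                        # undo the rewrite for delivery
            addr, port = self.nat_map[p.dport]
            p = Packet(p.src, p.sport, addr, port)
        return p

def demo(nat_addr, inside, server, other):
    """Open one flow, then offer the real reply and an unsolicited packet."""
    fw = Border(nat_addr)
    sent = fw.outbound(Packet(inside, 51000, server, 443))
    reply = fw.inbound(Packet(server, 443, sent.src, sent.sport))
    unsolicited = fw.inbound(Packet(other, 4444, sent.src, sent.sport))
    return reply, unsolicited

# Constructed sample addresses (documentation and private ranges).
V6 = demo(None, "2001:db8:1::10", "2001:db8:ffff::1", "2001:db8:bad::1")
V4 = demo("192.0.2.1", "10.0.0.10", "198.51.100.7", "203.0.113.9")
```

In both runs the reply is delivered and the unsolicited packet is dropped by the same state lookup; the only difference with NAT enabled is the address and port rewrite.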