nanog mailing list archives
Re: IPv6 end user addressing
From: Jimmy Hess <mysidia () gmail com>
Date: Mon, 8 Aug 2011 23:37:11 -0500
On Mon, Aug 8, 2011 at 10:43 PM, Chris Adams <cmadams () hiwaay net> wrote:
Even on a server lan you'll occasionally want to plug in a PC for diagnostics without having to poke in an IP address by hand.

Actually, nobody should be plugging any random device into my server LANs, and I certainly don't want to encourage it by having it work (even if just for IPv6).
If you must not have someone plugging into your server LAN without permission, you turn unused ports off, or preferably, place them in a VLAN island with no topological connection to anything. Because it's going to be easier to turn the port back on than to give someone a 128-bit IPv6 address, IPv6 netmask, IPv6 DNS servers, and IPv6 default gateway address set to manually key into their machine.

If someone can get to a live port, assuming it's not protected by 802.1x port security or similar, IPv6 will "just work" for fe80:: network link-local connectivity, whether you deploy stateless auto-config or not, which is enough connectivity to find and mess with servers in the LAN. And probably enough connectivity to say "that's too much connectivity", if the LAN is indeed restricted.

Similar to how IPv4 has RFC 3927, except IPv6 link-local addresses get assigned even to devices that have global IPv6 IPs, so the link-local 'subnet' is active even on fully connected devices.
Chris Adams <cmadams () hiwaay net>
Regards,
--
-JH
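
Added example, not part of the original post or thread: because fe80::/10 connectivity comes up on any live port regardless of SLAAC, one defensive check is to compare link-local neighbor entries on a server against an inventory of expected MAC addresses. The `ip -6 neigh show` sample and the MAC inventory below are constructed; the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample of `ip -6 neigh show` output from a host on the server LAN.
SAMPLE_NEIGH = """\
fe80::5054:ff:fe12:3401 dev eth0 lladdr 52:54:00:12:34:01 REACHABLE
2001:db8:10::11 dev eth0 lladdr 52:54:00:12:34:01 STALE
fe80::5054:ff:fe12:3402 dev eth0 lladdr 52:54:00:12:34:02 STALE
fe80::a00:27ff:fe4e:66a1 dev eth0 lladdr 08:00:27:4e:66:a1 REACHABLE
fe80::1 dev eth0 lladdr 00:00:5e:00:02:01 router REACHABLE
fe80::5054:ff:fe12:3409 dev eth0  FAILED
"""

# Assumed inventory of MACs permitted on this LAN (constructed values).
KNOWN_MACS = {"52:54:00:12:34:01", "52:54:00:12:34:02", "00:00:5e:00:02:01"}

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
NEIGH_RE = re.compile(
    r"^(?P<addr>\S+) dev (?P<dev>\S+)(?: lladdr (?P<mac>[0-9a-fA-F:]{17}))?"
)

def parse_neighbors(text):
    """Yield (address, device, mac) for entries that resolved to a MAC."""
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if not m or not m.group("mac"):
            continue  # FAILED/INCOMPLETE entries carry no lladdr
        try:
            addr = ipaddress.ip_address(m.group("addr"))
        except ValueError:
            continue  # not an IP address; skip malformed lines
        yield addr, m.group("dev"), m.group("mac").lower()

def unknown_link_local(text, known_macs):
    """Return link-local neighbors whose MAC is not in the inventory."""
    known = {mac.lower() for mac in known_macs}
    hits = []
    for addr, dev, mac in parse_neighbors(text):
        # Link-local entries exist even for hosts that also hold global
        # addresses, so this covers every IPv6-speaking device on the link.
        if addr.version == 6 and addr in LINK_LOCAL and mac not in known:
            hits.append((str(addr), dev, mac))
    return hits

if __name__ == "__main__":
    for addr, dev, mac in unknown_link_local(SAMPLE_NEIGH, KNOWN_MACS):
        print(f"unexpected link-local neighbor {addr} on {dev} ({mac})")
```

A neighbor cache only holds hosts this machine has recently exchanged traffic with, so this complements port shutdown and 802.1x rather than replacing them.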