In order for networks to grow they will need to have the ability to push public 
IPs to the customer.  I totally see a point where every device on a customer’s 
LAN needs to have a public IP address.   We are already seeing the trend toward 
this.  Home security systems, IP enabled appliances, multiple Netflix boxes, 
and all these devices which communicate somewhere.   So far, ISPs have been 
able to deal with this because the developers recognize this is the way things 
are.  Anyone who has received the call “my Xbox says restricted NAT” has 
experienced this. 

We all know you can do port forwarding in routers, etc.  But as the household 
becomes more and more dynamic people are going to want to deal with the hassle 
of this.  They just want stuff to work.  Being able to give everyone a public 
IP, and even being able to give every device a public IP will become something 
consumers will demand.  Not everyone, but the apps and systems will drive the 
need.  Right now there are no “killer apps” that take advantage of the 
advantages of v6.  This already happens on the cell phone networks.  Phones 
which can do V6 have access to more network features.  Granted, the software 
rarely takes advantage but they are there.

Imagine the day when Microsoft says you can get this ultra cool new feature in 
the latest Xbox if your provider supports IPv6.  Then Comcast pipes up and says 
they support it.

Justin

---
Justin Wilson <[email protected]>
http://www.mtin.net  Managed Services – xISP Solutions – Data Centers
http://www.thebrotherswisp.com Podcast about xISP topics
http://www.midwest-ix.com Peering – Transit – Internet Exchange 

> On Jul 1, 2015, at 11:48 AM, Glen Waldrop <[email protected]> wrote:
> 
> For one I've got 5 PC's on this network that I use regularly, never had an 
> issue. Secondly, whenever *anything* hinky is going on (here, there, QoS 
> tweaking, etc) I torch the Ethernet connection to see what is going on and 
> where it is being dropped.
> 
> I forgot to mention earlier, we have had an issue with my Linux email server, 
> security flaw, patched and now secured by the Mikrotik rather than its own 
> firewall.
> 
> I see in my logs where people are attacking my network constantly. I'd much 
> rather have 10-15 points to defend than hundreds.
> 
> 
> 
> ----- Original Message ----- From: "Paul Stewart" <[email protected]>
> To: <[email protected]>
> Sent: Wednesday, July 01, 2015 10:26 AM
> Subject: Re: [AFMUG] private ipv4 sale / leases
> 
> 
> 
> One other comment around "haven't had a security issue yet".  I used to get 
> the same argument from a former co-worker and my question was always "how do 
> you know you haven't had a security issue?".
> 
> It seems like a loaded question but unless you have some pretty advanced 
> security *in* your network, then most folks don't know they have been 
> breached.  I showed someone a few years ago that their Windows server had 
> been pawned and they didn't believe me at first - then I showed that for the 
> previous 3 years someone had full access remotely to that server and had been 
> gathering data from it on a regular basis.  This server was behind two layers 
> of firewalls, host IDS, network IDS, anti-spyware, and anti-virus. Pretty 
> extreme example but have seen it happen more than once...
> 
> 
> -----Original Message-----
> From: Af [mailto:[email protected]] On Behalf Of Glen Waldrop
> Sent: Wednesday, July 1, 2015 11:16 AM
> To: [email protected]
> Subject: Re: [AFMUG] private ipv4 sale / leases
> 
> Maybe I need to study a bit more, but I run MT, haven't had a security issue 
> yet.
> 
> I've got a firewall configured on the MT. The only way I see into my network 
> is owning one of my routers, though you guys may educate me.
> 
> We've had plenty of attempts. The only thing that has successfully shut us 
> down so far was the DNS DDoS attack saturating our fiber.
> 
> I know nothing is 100% secure, but not having my personal network directly on 
> the Internet certainly seems better to me.
> 
> 
> 
> ----- Original Message ----- From: "Ken Hohhof" <[email protected]>
> To: <[email protected]>
> Sent: Wednesday, July 01, 2015 10:09 AM
> Subject: Re: [AFMUG] private ipv4 sale / leases
> 
> 
>> 
>> NAT is not security through obscurity, unless you're referring to 1:1 NAT
>> which is not what most people mean when they say NAT.
>> 
>> Setting up NAT in a Mikrotik illuminates the situation.  In order for NAT
>> (actually overloaded dynamic NAT/PAT) to work, you must turn on connection
>> tracking, allow incoming established and related, and block all other
>> inbound traffic unless port forwarding is set up via dstnat.
>> 
>> In other words, a stateful firewall.
>> 
>> Now if you're talking about advanced firewall functions like
>> detecting/blocking/reporting intrusion attempts, yeah that's great, but
>> it's beyond what 99.99% of people implement in their firewall.
>> 
>> 
>> 
>> -----Original Message----- From: Paul Stewart
>> Sent: Wednesday, July 01, 2015 9:52 AM
>> To: [email protected]
>> Subject: Re: [AFMUG] private ipv4 sale / leases
>> 
>> I'm not sure your argument is really valid.. NAT is "security through
>> obscurity" which translates to "zero additional security" also known as
>> "false security"
>> 
>> IPv6 behind a stateful firewall is just as secure - some folks would argue
>> it's more secure but that argument would take several paragraphs to get
>> into ;)
>> 
>> -----Original Message-----
>> From: Af [mailto:[email protected]] On Behalf Of Glen Waldrop
>> Sent: Wednesday, July 1, 2015 10:01 AM
>> To: [email protected]
>> Subject: Re: [AFMUG] private ipv4 sale / leases
>> 
>> Yeah, but the great thing about NAT is that my network isn't public.
>> 
>> That is my primary argument with IPv6.
>> 
>> 
>> 
>> ----- Original Message ----- From: "Chuck McCown" <[email protected]>
>> To: <[email protected]>
>> Sent: Wednesday, July 01, 2015 8:28 AM
>> Subject: Re: [AFMUG] private ipv4 sale / leases
>> 
>> 
>>> 
>>> You could use a single IPv6 to say, Mars.
>>> 
>>> And everyone on Mars could have their own static IP that uses the first 64
>>> to get to Mars and the second 64 to get to all the subscribers.  Assuming
>>> routers exist that would do this.
>>> 
>>> -----Original Message----- From: Matt
>>> Sent: Wednesday, July 01, 2015 7:22 AM
>>> To: [email protected]
>>> Subject: Re: [AFMUG] private ipv4 sale / leases
>>> 
>>>> Just saying that NAT is not needed.  Every single IP gives you so much
>>>> address space that you will never be able to use it.
>>>> 
>>>> Essentially a number of globally routable set of static IPs come with
>>>> every IP such that one single IP could probably run the whole planet
>>>> right now.
>>> 
>>> You mean every /64 which is minimum customer assignment in most
>>> respects does.  A single IPv6 IP is still just a single IP.
>>> 
>> 
>> 
>> 
>> 
> 
> 
> 
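
Added example, not part of the thread or of any participant's post: a RouterOS sketch of the rule set Ken Hohhof describes above (connection tracking, accept established/related, drop other inbound unless port-forwarded via dstnat), next to the same stateful policy for routed IPv6 with no NAT. The WAN interface name `ether1-wan` is an assumption; adjust it to the router in question.

```routeros
# --- IPv4: overloaded NAT (PAT) plus the stateful filter it depends on ---
/ip firewall nat
# Source-NAT everything leaving the WAN port (ether1-wan is an assumed name)
add chain=srcnat out-interface=ether1-wan action=masquerade

/ip firewall filter
# Replies to connections that inside hosts opened are allowed back in
add chain=forward connection-state=established,related action=accept
# Packets that match no tracked connection and are not valid opens
add chain=forward connection-state=invalid action=drop
# New inbound connections are dropped unless a dstnat (port forward) matched
add chain=forward in-interface=ether1-wan connection-state=new \
    connection-nat-state=!dstnat action=drop

# --- IPv6: public addresses on every device, same stateful policy, no NAT ---
/ipv6 firewall filter
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
# ICMPv6 must pass for path MTU discovery and error reporting to work
add chain=forward protocol=icmpv6 action=accept
# Everything else arriving from the WAN side is unsolicited: drop it
add chain=forward in-interface=ether1-wan action=drop
```

In both halves the inbound decision is made by the connection-state rules; the masquerade rule only rewrites addresses.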
