On 18 Jan 2016 18:13, "Stephen Honlue" <[email protected]> wrote: > > Thanks Noah for sharing. > > My remarks inline. > >> On Jan 18, 2016, at 6:04 PM, Noah <[email protected]> wrote: >> >> >> On 18 Jan 2016 11:17, "Jean-Claude Mudilu" <[email protected]> wrote: >> > >> > Those already implemented IPv6 need to share their success cases to encourage the community starting use the IPv6 acquired. >> > >>> >>> Whether you are running a Cisco or Juniper or Mikrotik or Huwaii or ZTE, standards are the same but implementation/configuration could be different. > > I totally agree. >>> >>> What you have been doing for IPv4 is what you would pretty much do for IPv6. > > Most networks in Africa are running NAT and rely on this as a security feature for example. With IPv6, they will have to rethink their network topology and security. >>>
I have always found the statement that "NAT is a security feature" as rather misleading. Think beyond the transport layer and above and you will realise that NAT is nothing. Anything is possible between Transport and Application layer otherwise [anonymous] wouldnt be bring down websites like a hobby. If softwares are buggy brace yourself for some security issues and NAT wont be around to stop anything. PC users running windows os have had to invest in anti virus solutions and you wonder why given the fact that they tens to seat behind NAT... So there no any rethinking of the network topology because IP is at a layer which you could actually harden but SPAM and phising or application layer security is far above and that is where you are hit... > > Yes really but before diving into configuration, people have to know that IPv6 is not just the successor of IPv4, there is a lot that has changed for example IPv6 heavily really on ICMPv6-with NDP messages-. You won’t just shutdown ICMPv6 for instance as most people did with ICMP and expect IPv6 to work, you therefore need to know various messages codes... >> I tend to just break things and learn along the way. Its a lot and cant learn it all. So my approach would be for guys to just do it and improve along the way oke configuration sythax at a time. > > There is a lot to share with the community to help those that are not yet involved to start right now, that is the reason of this initiative. > Sharing with us here some success cases will help encourage them. All i can share in my free time is how to do it if people want to get the ball rolling. > > Regards, > Stephen. Noah
_______________________________________________ AfrIPv6-Discuss mailing list [email protected] https://lists.afrinic.net/mailman/listinfo/afripv6-discuss
