On Tue, 29 Nov 2011 03:23:04 EST, Jeff Wheeler said:
> On Tue, Nov 29, 2011 at 1:43 AM, <[email protected]> wrote:
> > It's worked for us since 1997. We've had bigger problems with IPv4 worms
>
> That's not a reason to deny that the problem exists. It's even
> fixable. I'd prefer that vendors fixed it *before* there were massive
> botnet armies with IPv6 connectivity, but in case they don't, I do not
> deploy /64.

Umm.. Jeff? I never *tried* to deny the problem exists. But if you have an eyeball-heavy network, it's hard to not deploy /64s (currently, we do SLAAC to get the basic config, and DNS/etc is still via dhcp4/IPv4). We just see the business danger of waiting to start deploying IPv6 till the vendors are perfect as being a bigger danger than the ND exhaustion issue. (How many years did we go with ARP and DHCP spoofing being well-known issues before vendors fixed that? Yeah, exactly.)

