-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
though really OT, its a really important point for a "Router-Distro" as which I love OpenWRT; so I'd want to explain my point. And I also read the RIPE-lists where I often have to swallow *not* to respond to all those IPv6-hurrays which arent present in real world IMHO.. First of all, don't get me wrong, I'm technically not against IPv6, we're even offering it for customers (without any extra-price on top) it's just a fact that 0,000% ever asked for (or would pay a cent more for having it), because 100% are running v4.. Am 23.04.2012 11:26, schrieb Gert Doering: > There are ISPs in Asia today(!) that *will* *not* give you an IPv4 > address, because they have none left. Ok, but I have over 10 sites far east with IPv4 running.. not representative/much but well, it works right here&now. And I'm sure they have some measures to reach 99% of the Internet on this planet through IPv4.. (I remember the IPv6-day last year, it was funny, even Google failed 30-50%..) OTOH, none of my upstreams gives me native IPv6, only tunnel-crap at best (I won't name them, AS42283 for anyone who could Google/read BGP..) So give me one reason to change Upstream, make me 2 weeks of work and maybe pay more, just to be able to participate in this big experiment. > IPv6 is most relevant to real-life. I came along without so far ;) Though, again, I could have it running, just don't want as I see no need and many risks/problems.. > Many of the problems we see in IPv6 deployments are caused exactly > by this attitude Agreed but lets get realisitic, my objectives (home, office & customers) are: 1) security 2) it works 3) technically perfect v6 only meets #3.. Do you expect any DSL user or Soho-Admin which doesn't even understand what an (IPv4) Subnet-mask is to understand that.. a) It's a big security risk at first as noone really knows whats going on with IPv6 (at least on customer/user-side!) So the first thing before even considering it, is the Firewall on the router (here: OpenWRT) should be at least as closed as for IPv4 with NAT by default. Is it? Or whats happens if John Doe gets assigned a /64 or John Does Company a /48? Anyone on this planet could Airplay in her/his home, funny :p They are at first widely open, with current OS's having IPv6 happily enabled by default. Thats IMHO a real problem.. I spend more time telling my customers what this really means than why they need v6 sometime in future.. That beams the Internet back to 1990, where you just trusted that the others won't do no harm anyway, the only current protection is IMHO that noone knows, how to exploit it.. b) As you mentioned in later posts, it's a pain mixed with more pain, 6to4, 6rd, causes timeouts, problems, troubles (how do I teach that my 6 Cisco Border-Routers? oh well I could buy new ones with 8x RAM etc..)-> which end-user wants them and - who pays for? Noone.. To find some conclusion at least for myself, as soon as deploying IPv6 on End-Users is painless *and at least as secure as v4 with NAT* I'd think about to enable it - and happy to work on. But really, currently I dont see this on the horizon. Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk+V3O0ACgkQaWRHV2kMuAJo8wCfW8NxeKWuO1TLf+uCcMX9M0WV It4AoKaSiswc9vLWuQaGbanOWpojq7Bg =FrSy -----END PGP SIGNATURE----- _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
