Re: What is Brocade up to here?
On Oct 28, 2013, at 8:29 AM, Sander Steffann wrote: Hi, It's been broken for months, too. Happy Eyeballs seems to work pretty well for the internet. Did they just fix it? I did send them a heads-up, so they might. I also immediately gave a heads up to one of my contacts there, and heard back that they fixed it last night. No details yet on exactly what was misconfigured. --Ron
Re: teredo.ipv6.microsoft.com off?
On Jul 17, 2013, at 6:20 AM, Jeroen Massar wrote: On 2013-07-17 15:09 , Ron Broersma wrote: On Jul 16, 2013, at 10:40 PM, Mikael Abrahamsson wrote: On Tue, 16 Jul 2013, Christopher Palmer wrote: If there is feedback on the ongoing experiment or our consideration of sunsetting Teredo, do let me know. So far people have been quite enthusiastic. I am too. I would really like to see 6to4 and teredo be default off everywhere, and people who want it can manually turn it on. If teredo went away completely, that would also be a good thing. Strongly concur here as well. One less thing I have to disable on all my systems in enterprise nets. Windows boxes that are in an Active Domain (which should match your 'enterprise net') have Teredo and 6to4 disabled per default. Next to that one can enforce that of course through AD policies. A number of my enterprise nets support many OSs and are not AD-centric. That's why I qualified my enterprise nets as heterogeneous. But yes, if you are homogeneous on Windows and everything is in AD, you can disable those things through GPO. For me, we have to tell each of our users to disable teredo, disable 6to4, disable privacy/temporary addresses, etc., and in many cases beg them to upgrade to OSs that support DHCPv6. smime.p7s Description: S/MIME cryptographic signature
Re: teredo.ipv6.microsoft.com off?
There's quite some debate which approach to use due to operational practices and MS telling people not to 'fully' disable IPv6 as you might lose support for $SYSTEM. I'm still looking for a source too. Rumors have it that the Windows 7 roll out here (large enterprise customer) will be with IPv6 disabled. I guess that why they hired me to do the IPv6 planing (on the network side). Most of the talks that I've seen from Sean Siler (IPv6 guy at Microsoft) have a slide on best practices, where his point #1 is Leave Windows in the default configuration (IPv6 enabled), and he describes how disabling IPv6 comes with risk because you will be operating the OS in an untested configuration. We translate that into a security issue, and therefore make is a security violation to disable IPv6 in Windows7 and later. I know that is somewhat inconsistent with the DoD STIG, but IMHO the STIG is wrong. smime.p7s Description: S/MIME cryptographic signature
