On Mon, 9 Feb 2009, Ricky Beam wrote:
On Sat, 07 Feb 2009 14:31:57 -0500, Stephen Sprunk step...@sprunk.org
wrote:
Non-NAT firewalls do have some appeal, because they don't need to mangle
the packets, just passively observe them and open pinholes when
appropriate.
This is exactly the same
On Tue, 10 Feb 2009 18:03:40 +1100, Matthew Palmer said:
Considering that RFC1918 says nothing about IPv at all, could that be a
blocker for deployment in general? That'd also make for an interesting
discussion re: other legacy protocols (IPX, anyone?)...
I was all set to call shenanigans on
IPTables is decent firewall code.
Not really. It's quite complicated for a non-engineer type to manage.
Think of all the unpatched windows xp/vista users of the world.
It's free.
...
Further, since more and more CPE is being built on embedded linux,
there's no reason that IPTables isn't a
Just for the record, the original post was in reference to use of
non-RFC1918 space on an *air-gapped* network.
--Trey
Let's face it - they're going to have to come up with much more
creative
$200/hour chucklehead consultants to burn through that much anytime soon.
Anybody feel like starting
The SOX auditor ought to know better. Any auditor that
requires NAT is incompenent.
Sadly, there are many audit REQUIREMENTS explicitly naming NAT and
RFC1918 addressing ...
SOX auditors are incompetent. I've been asked about anti-virus
software on UNIX servers and then asked to
However the PCI DSS does contain a Compensating controls section, which
allows for the use of functionality which provide[s] a similar level of
defense to the stated requirements, where the stated requirements can not
be followed due to legitimate technical or documented business
constraints
Now
Considering that RFC1918 says nothing about IPv at all,
That may technically be true, but it does explicitly reference IPv4
addresses.
Oh, and when RFC1918 (or more correctly, RFC1597) was written, IP,
TCP/IP, etc. all directly meant IPv4.
(RFC1597 @ 03/94 ... RFC1883 @ 12/95)
On Feb 10, 2009, at 8:52 AM, TJ wrote:
Current versions of the rest (HIPAA, GLBA, SOX, FIPS, etc.) simply
tend to
omit IPv6 completely, and generally require everything not
explicitly called
out to be disabled ... thus, no IPv6 on any network that falls under
any of
these regulations.
Current versions of the rest (HIPAA, GLBA, SOX, FIPS, etc.) simply
tend to omit IPv6 completely, and generally require everything not
explicitly called out to be disabled ... thus, no IPv6 on any network
that falls under any of these regulations.
TJ - You attempted to say that for PCI, and
On Mon, 09 Feb 2009 21:11:50 -0500, TJ trej...@gmail.com wrote:
Your routers fail frequently? And does your traffic continue to get
forwarded? Perhaps through another router?
More frequently than the DHCP server, but neither are frequent events.
Cisco's software is not 100% perfect, and
Your routers fail frequently? And does your traffic continue to get
forwarded? Perhaps through another router?
More frequently than the DHCP server, but neither are frequent events.
Cisco's software is not 100% perfect, and when you plug it into moderately
unstable things like phone lines
On 10/02/2009, at 3:20 PM, Christopher Morrow wrote:
IPv6 it's easier, but you're still limiting the uptime of your
system to
that of the DHCPv6 server. Router advertisements is much more
robust.
'more robust'... except it doesnt' actually get a device into a usable
state without admins
On 11/02/2009, at 10:41 AM, Ricky Beam wrote:
It's useless. It does NOT provide enough information alone for a
host to function. In your own words, you need a DNS server. That
is NOT provided by RA thus requires yet another system to get that
bit of configuration to the host -- either
On Feb 10, 2009, at 4:30 PM, TJ wrote:
But that is my point - Do any of the compliance frameworks /
requirements /
audit standards today address IPv6, or detail how it could be
implemented in
such a fashion as to 'pass' an audit (including the in-house /
consultant-specific audit
In message op.uo5nvrmrtfh...@rbeam.xactional.com, Ricky Beam writes:
On Mon, 09 Feb 2009 21:11:50 -0500, TJ trej...@gmail.com wrote:
Your routers fail frequently? And does your traffic continue to get
forwarded? Perhaps through another router?
More frequently than the DHCP server, but
On Sun, Feb 8, 2009 at 11:42 PM, Joel Jaeggli joe...@bogus.com wrote:
FD00::/8
ula-l rfc 4139
s/4139/4193/
--
Thanks; Bill
Note that this isn't my regular email account - It's still experimental so far.
And Google probably logs and indexes everything you send it.
On Thu, Feb 05, 2009 at 07:19:37PM -0500, Robert D. Scott wrote:
Wii should not even consider developing a cool new protocol for the Wii
that is not NAT compliant via V4 or V6. And if they do, we should elect a
NANOG regular to go POSTAL and handle the problem. The solution to many of
these
On Mon, 9 Feb 2009, Andy Davidson wrote:
On Thu, Feb 05, 2009 at 07:19:37PM -0500, Robert D. Scott wrote:
Wii should not even consider developing a cool new protocol for the Wii
that is not NAT compliant via V4 or V6. And if they do, we should elect a
NANOG regular to go POSTAL and handle
On Fri, 06 Feb 2009 22:32:10 -0500, Owen DeLong o...@delong.com wrote:
IPTables is decent firewall code.
Not really. It's quite complicated for a non-engineer type to manage.
Think of all the unpatched windows xp/vista users of the world.
It's free.
...
Further, since more and more CPE
On Sat, 07 Feb 2009 14:31:57 -0500, Stephen Sprunk step...@sprunk.org
wrote:
Non-NAT firewalls do have some appeal, because they don't need to mangle
the packets, just passively observe them and open pinholes when
appropriate.
This is exactly the same with NAT and non-NAT -- making any
Ricky Beam wrote:
On Sat, 07 Feb 2009 14:31:57 -0500, Stephen Sprunk step...@sprunk.org
wrote:
Non-NAT firewalls do have some appeal, because they don't need to mangle
the packets, just passively observe them and open pinholes when
appropriate.
This is exactly the same with NAT and non-NAT --
On Sat, Feb 7, 2009 at 5:56 PM, Matthew Moyle-Croft
m...@internode.com.auwrote:
My issue is that customers have indicated that they feel statics are a
given for IPv6 and this would be a problem if I went from tens of thousands
of statics to hundreds of thousands of static routes (ie. from a
On 10/02/2009, at 11:35 AM, Scott Howard wrote:
Go and ask those people who feel statics are a given for IPv6 if
they
would prefer static or dynamic IPv4 addresses, and I suspect most/
all of
them will want the static there too. Now ask your average user the
same
question and see if you
On Feb 9, 2009, at 2:11 PM, Ricky Beam wrote:
On Sat, 07 Feb 2009 14:31:57 -0500, Stephen Sprunk
step...@sprunk.org wrote:
Non-NAT firewalls do have some appeal, because they don't need to
mangle
the packets, just passively observe them and open pinholes when
appropriate.
This is exactly
On Fri, 06 Feb 2009 09:39:01 -0500, Iljitsch van Beijnum
iljit...@muada.com wrote:
If you want the machine to always have the same address, either enter
it manually or set your DHCP server to always give it the same address.
Manual configuration doesn't scale. With IPv4, it's quite hard to
Nathan Ward wrote:
On 10/02/2009, at 11:35 AM, Scott Howard wrote:
Go and ask those people who feel statics are a given for IPv6 if they
would prefer static or dynamic IPv4 addresses, and I suspect most/all of
them will want the static there too. Now ask your average user the same
question
Ricky Beam wrote:
On Sat, 07 Feb 2009 14:31:57 -0500, Stephen Sprunk
step...@sprunk.org wrote:
Non-NAT firewalls do have some appeal, because they don't need to
mangle the packets, just passively observe them and open pinholes
when appropriate.
This is exactly the same with NAT and non-NAT
On 10/02/2009, at 9:54 AM, Stephen Sprunk wrote:
Yes, an ALG needs to understand the packet format to open pinholes
-- but with NAT, it also needs to mangle the packets. A non-NAT
firewall just examines the packets and then passes them on unmangled.
Sure, but at the end of the day a
On Feb 9, 2009, at 3:33 PM, Mark Newton wrote:
On 10/02/2009, at 9:54 AM, Stephen Sprunk wrote:
Yes, an ALG needs to understand the packet format to open pinholes
-- but with NAT, it also needs to mangle the packets. A non-NAT
firewall just examines the packets and then passes them on
On 10/02/2009, at 10:17 AM, Owen DeLong wrote:
Sure, but at the end of the day a non-NAT firewall is just a
special case
of NAT firewall where the inside and outside addresses happen to
be the same.
Uh, that's a pretty twisted view. I would say that NAT is a special
additional capability
Owen DeLong wrote:
In terms of implementing the code, sure, the result is about the same,
but, the key point here is that there really isn't a benefit to having that
packet mangling code in IPv6.
Unless your SOX auditor requires it in order to give you a non-qualified
audit of your
In message 4990c38c.8060...@eeph.com, Matthew Kaufman writes:
Owen DeLong wrote:
In terms of implementing the code, sure, the result is about the same,
but, the key point here is that there really isn't a benefit to having that
packet mangling code in IPv6.
Unless your SOX auditor
Mark Newton wrote:
Fine, you don't like rewriting L3 addresses and L4 port numbers. Yep,
I get that. Relevance?
Just out of what I like and might use, GRE (no port), ESP (no port), AH
(no port), SCTP (would probably work fine with NAT, but I haven't seen
it supported yet and because every
On 10/02/2009, at 11:03 AM, Jack Bates wrote:
There is if you have a dual-stack device, your L4-and-above protocols
are the same under v4 and v6, and you don't want to reinvent the
ALG wheel.
ALG only fixes some problems, and it's not required for as much when
address translations are
Mark Newton wrote:
On a commodity consumer CPE device, the ALG code doubles as a
stateful inspection engine.
So it _is_ required when address translations are not being performed.
H, the code may be there, but I suspect that not all of it will
apply to v6 and be used.
Is security
As I read it, you don't want to use DHCP because it's an other service to
fail. Well, what do you think is broadcasting RA's? My DHCP servers have
proven far more stable than my routers. (and one of them is a windows
server
:-)) Most dhcp clients that keep any state will continue using the
The SOX auditor ought to know better. Any auditor that
requires NAT is incompenent.
Sadly, there are many audit REQUIREMENTS explicitly naming NAT and RFC1918
addressing ...
In message 00cf01c98b24$efe42680$cfac73...@com, TJ writes:
Also, it is not true in every case that hosts need a lot more than an
address.
In many cases all my machine needs is an address, default gateway and DNS
server (cheat off of v4 | RFC5006 | Stateless DHCPv6).
address + default
On Mon, 9 Feb 2009 21:16:49 -0500
TJ trej...@gmail.com wrote:
The SOX auditor ought to know better. Any auditor that
requires NAT is incompenent.
Sadly, there are many audit REQUIREMENTS explicitly naming NAT and
RFC1918 addressing ...
SOX auditors are incompetent. I've been
On Mon, Feb 9, 2009 at 6:16 PM, Ricky Beam jfb...@gmail.com wrote:
On Fri, 06 Feb 2009 09:39:01 -0500, Iljitsch van Beijnum
iljit...@muada.com wrote:
If you want the machine to always have the same address, either enter it
manually or set your DHCP server to always give it the same address.
John Peach wrote:
On Mon, 9 Feb 2009 21:16:49 -0500
TJ trej...@gmail.com wrote:
The SOX auditor ought to know better. Any auditor that
requires NAT is incompenent.
Sadly, there are many audit REQUIREMENTS explicitly naming NAT and
RFC1918 addressing ...
SOX auditors are
The SOX auditor ought to know better. Any auditor that
requires NAT is incompenent.
Sadly, there are many audit REQUIREMENTS explicitly naming NAT and
RFC1918 addressing ...
SOX auditors are incompetent. I've been asked about anti-virus software on
UNIX servers and then asked to
TJ wrote:
When the compliance explicitly requires something they are required to check
for it, they don't have the option of ignoring or waving requirements ...
and off the top of my head I don't recall if it is SOX that calls for
RFC1918 explicitly but I know there are some that do.
I believe
Why would anyone NOT want that?? what replaces that option in current RA
deployments?
One nit - I like to differentiate between the presence of RAs (which should
be every user where IPv6 is present) and the use of SLAAC (RA + prefix).
Right now - Cheat off of IPv4's config.
(Lack of DHCPv6
@nanog.org
Subject: Re: v6 DSL / Cable modems [was: Private use of non-RFC1918 IP
space
snip
DSL and cable modems are extremely simple devices. I'm amazed they have
any amount of router in them at all. And I've yet to see one running
Linux. (the 2 popular brands around here -- westell and motorola
In message 00df01c98b27$3181b7e0$948527...@com, TJ writes:
The SOX auditor ought to know better. Any auditor that
requires NAT is incompenent.
Sadly, there are many audit REQUIREMENTS explicitly naming NAT and
RFC1918 addressing ...
SOX auditors are incompetent. I've been asked
When the compliance explicitly requires something they are required to
check for it, they don't have the option of ignoring or waving
requirements ...
and off the top of my head I don't recall if it is SOX that calls for
RFC1918 explicitly but I know there are some that do.
I believe that
Mark Andrews wrote:
Please cite references.
I can find plenty of firewall required references but I'm
yet to find a NAT and/or RFC 1918 required.
(Skip if you've participated in a SOX audit from the IT department POV)
The way it works is that the law doesn't call for
On Mon, Feb 9, 2009 at 9:47 PM, TJ trej...@gmail.com wrote:
Why would anyone NOT want that?? what replaces that option in current RA
deployments?
One nit - I like to differentiate between the presence of RAs (which should
be every user where IPv6 is present) and the use of SLAAC (RA + prefix).
On Tue, Feb 10, 2009 at 02:16:10PM +1100, Mark Andrews wrote:
In message 00df01c98b27$3181b7e0$948527...@com, TJ writes:
[...SOX auditor stuff...]
When the compliance explicitly requires something they are required to check
for it, they don't have the option of ignoring or waving
security by obscurity is not the way, everyone knows it.
those guys will figure it out sooner or later (where later, might take ages).
in the meanwhile, a lot have pseudo-secured networks thru triple-nat,
quadruple-nat, multiple ipsec'd layered and so, and others live with the hammer
in their
On Mon, Feb 9, 2009 at 9:54 PM, John Osmon jos...@rigozsaurus.com wrote:
It isn't SOX, but sadly enough, PCI DSS Requirement 1.5 says:
Implement IP address masquerading to prevent internal addresses from
being translated and revealed on the Internet. Use technologies that
implement RFC
On Mon, Feb 09, 2009 at 09:27:59PM -0500, TJ wrote:
The SOX auditor ought to know better. Any auditor that
requires NAT is incompenent.
Sadly, there are many audit REQUIREMENTS explicitly naming NAT and
RFC1918 addressing ...
SOX auditors are incompetent. I've been asked about
valdis.kletni...@vt.edu wrote:
On Tue, 03 Feb 2009 11:25:40 +0900, Randy Bush said:
snip
Not quite..
2^96 = 79228162514264337593543950336
2^128-2^32 = 340282366920938463463374607427473244160
not quite. let's posit 42 devices on the average lan segment
(ymmv).
42*(2^64) =
Skeeve Stevens wrote:
Owned by an ISP? It isn't much different than it is now.
As long as you are multi-homed you can get a small allocation (/48),
APNIC and ARIN have procedures for this.
Yes, you have to pay for it, but the addresses will be yours, unlike
the RFC1918 ranges which is
On Feb 7, 2009, at 2:09 AM, Nathan Ward wrote:
On 6/02/2009, at 12:00 PM, Joe Maimon wrote:
This assignment policy is NOT enough for every particle of sand on
earth, which is what I thought we were getting.
There is enough for 3616 /64s, or 14 /56s per square centimetre of
the earth's
as I've said a few times now, reason #775 that autoconf is a broken and
non-
useful 'gadget' for network operators. There is a system today that does
lots of client-conf (including the simple default-route +
dns-server) called DHCP, there MUST be a similarly featured system in the
'new world
Matthew Moyle-Croft wrote:
Stephen Sprunk wrote:
You must be very sheltered. Most end users, even security folks at
major corporations, think a NAT box is a firewall and disabling NAT
is inherently less secure. Part of that is factual: NAT (er, dynamic
PAT) devices are inherently
Bill Stewart wrote:
That's not because it's doing dynamic address assignment - it's
because you're only advertising the aggregate route from the
BRAS/DSLAM/etc., and you can just as well do the same thing if you're
using static addresses.
Customers can land on one of a fleet of large BRAS
In message 498bddac.7060...@eeph.com, Matthew Kaufman writes:
Mark Andrews wrote:
WII's should be able to be directly connected to the network
without any firewall. If they can't be then they are broken.
As I'm sure you know, you can tell the difference between an Internet
David W. Hankins david_hank...@isc.org writes:
On Thu, Feb 05, 2009 at 11:42:27PM +0100, Iljitsch van Beijnum wrote:
On 5 feb 2009, at 22:44, Ricky Beam wrote:
I've lived quite productively behind a single IPv4 address for nearly 15
years.
So you were already doing NAT in 1994? Then you
Matthew Moyle-Croft wrote:
My comment was regarding customers believing that they were going to, by
default, get a statically allocated range, whatever the length.
If most customers get dynamically assigned (via PD or other means) then
the issue is not a major one.
Dynamic or static;
On Thu, 5 Feb 2009, Paul Timmins wrote:
John Schnizlein wrote:
Maybe upgrades, service packs and updates will make them capable of using
DHCPv6 for useful functions such as finding the address of an available name
server by the time IPv6-only networks are in operation.
And if not,
On 6 feb 2009, at 1:15, Ricky Beam wrote:
I see IPv6 address space being carved out in huge chunks for reasons
that equate to little more than because the total space is
inexhaustable. This is the exact same type of mis-management that
plagues us from IPv4's early allocations.
Think of
This is straying from operational to protocol design and implementation,
but as someone who has done a fair bit of both design and implementation...
Iljitsch van Beijnum wrote:
The problem is that DHCP seemed like a good idea at the time but it
doesn't make any sense today. We know that
on seven continents with far more than a 1:1
end user to host ratio.
Jamie
-Original Message-
From: Iljitsch van Beijnum [mailto:iljit...@muada.com]
Sent: Thursday, February 05, 2009 5:42 PM
To: Ricky Beam
Cc: NANOG list
Subject: Re: v6 DSL / Cable modems [was: Private use of non-RFC1918 IP
On Fri, Feb 6, 2009 at 10:22 AM, Jamie Bowden ja...@photon.com wrote:
Five things? Really? My DHCP server hands out the following things to
its clients:
as I've said a few times now, reason #775 that autoconf is a broken
and non-useful 'gadget' for network operators. There is a system today
On Thu, 5 Feb 2009, Matthew Moyle-Croft wrote:
DHCP(v6). Setting the idea in people's heads that a /64 IS going
to be their own statically is insane and will blow out provider's
own routing tables more than is rational.
Routing table size will be a function of the number of customers -
My comment was regarding customers believing that they were going to,
by default, get a statically allocated range, whatever the length.
If most customers get dynamically assigned (via PD or other means)
then the issue is not a major one.
MMC
On 06/02/2009, at 8:56 PM, Paul Jakma wrote:
I think this part of the thread is in danger of leaving the realm of
operational relevance, so I will treat these as my closing arguments.
On Fri, Feb 06, 2009 at 03:48:53PM +0100, Iljitsch van Beijnum wrote:
It makes more sense to look at it like this. In the 1990s we had:
No, I think that
Randy Bush wrote:
Wii should not even consider developing a cool new protocol for the Wii
that is not NAT compliant via V4 or V6.
what is nat compliant?
RFC 3235 discusses how to make your application work in the Internet
reality that exists today, with NAT boxes everywhere. The document is
Roger Marquis wrote:
Seth Mattinen wrote:
Far too many people see NAT as synonymous with a firewall so they
think if you take away their NAT you're taking away the security of a
firewall.
NAT provides some security, often enough to make a firewall
unnecessary. It all depends on what's
Stephen Sprunk wrote:
You must be very sheltered. Most end users, even security folks at
major corporations, think a NAT box is a firewall and disabling NAT is
inherently less secure. Part of that is factual: NAT (er, dynamic
PAT) devices are inherently fail-closed because of their
On Feb 6, 2009, at 7:06 PM, Matthew Moyle-Croft wrote:
Stephen Sprunk wrote:
You must be very sheltered. Most end users, even security folks
at major corporations, think a NAT box is a firewall and disabling
NAT is inherently less secure. Part of that is factual: NAT (er,
dynamic
Tell ya what Owen,
When you can show me residential grade CPE which has a DECENT stateful
firewall then PLEASE let me know.
Needs to do other things well, not crash, not cost hundreds of
dollars, supportable, does VOIP, WIFI etc are manufacturer supported
etc. Of course, it needs to do
On 6/02/2009, at 12:00 PM, Joe Maimon wrote:
This assignment policy is NOT enough for every particle of sand on
earth, which is what I thought we were getting.
There is enough for 3616 /64s, or 14 /56s per square centimetre of the
earth's surface, modulo whatever we have set aside for
On 6/02/2009, at 1:01 PM, David W. Hankins wrote:
On Thu, Feb 05, 2009 at 05:12:19PM -0600, Jack Bates wrote:
Operationally, this has been met from my experience. In fact, all
of these
items are handled with stateless DHCPv6 in coordination with SLAAC.
Stateful DHCPv6 seems to be limited
On Feb 4, 2009, at 6:19 PM, Leo Bicknell wrote:
In a message written on Thu, Feb 05, 2009 at 11:58:33AM +1030,
Matthew Moyle-Croft wrote:
My FEAR is that people (customers) are going to start assuming
that v6
means their own static allocation (quite a number are assuming this).
This means
On Wed, 4 Feb 2009, Roger Marquis wrote:
Perhaps what we need is an IPv6 NAT FAQ? I'm suspect many junior network
engineers will be interested in the rational behind statements like:
* NAT disadvantage #1: it costs a lot of money to do NAT (compared to what
it saves consumers, ILECs, or
Scott Howard wrote:
And that brings us back to the good old catch-22
of ISPs not supporting IPv6 because consumer CPE doesn't support it,
and CPE not supporting it because ISP don't...
No, it's because neither need to do it. If they did the apparent
catch-22 would be fixed
Matthew
Given my knowledge of where most large BRAS/Cable vendors are upto - I
don't
think anyone could have. (Cisco won't have high end v6 pppoe support until
late this year!).
Indeed, that is a big part of the problem in the home-user space.
There's a lot of people who clearly don't work for ISPs
On Feb 5, 2009, at 7:41 AM, TJ wrote:
It doesn't solve the problem of an enterprise with more than one
location/network-interconnect... we can go around this rose bush
again and
again and again, but honestly, deployment of v6 happens for real
when there
is a significant business reason to
Matthew Moyle-Croft wrote:
I'm under no allusion that a /64 is going to be optional - it's really
too late which is sad. I think people have just latched onto it and now
accept it and defend it without thinking about is this still the
answer?. Just because it's in an RFC doesn't mean it's
On 5 feb 2009, at 2:20, Matthew Moyle-Croft wrote:
Has anyone out there actually done an implentation, across DSL of
PD? If you have PLEASE let me know on list/off list/by dead letter
drop in a park. Especially interested in CPE etc.
I've tested this years ago and it works just fine. Of
On 5 feb 2009, at 5:29, Matthew Moyle-Croft wrote:
I'm meant to have 250,000 customers running it by Christmas!
So how do you plan on doing that?
We know that IPv6 runs really well over regular ethernet or over
tunnels. It doesn't work so well over the weird crap that broadband
ISPs use
* NAT disadvantage #3: RFC1918 was created because people were afraid of
running out of addresses. (in 1992?)
Yes. One of my colleague, who participated in development of RFC 1918
confirmed it.
Your colleague was wrong. I was one of several engineers who handed out
private addresses back
Iljitsch van Beijnum wrote:
So how do you plan on doing that?
It works fine to my house.
We know that IPv6 runs really well over regular ethernet or over
tunnels. It doesn't work so well over the weird crap that broadband ISPs
use which superficially looks like ethernet or PPP but isn't
On Thu, 05 Feb 2009 12:22:43 +1030, Matthew Moyle-Croft said:
Telling customers well, you might get renumbered randomly isn't going
to work, no matter what the theory about it all is. They do crazy and
unexpected things and bleat about it even if you told them not to. At
worse they stop
On Thu, 05 Feb 2009 08:24:16 PST, Roger Marquis said:
Can you site a reference? Can you substantiate lots? I didn't think so.
This is yet another case the rhetoric gets a little over the top, leading
those of us who were doing this before NAT to suspect a non-technical
agenda.
Some
On Feb 5, 2009, at 8:24 AM, Roger Marquis wrote:
* NAT disadvantage #3: RFC1918 was created because people were
afraid of
running out of addresses. (in 1992?)
Yes. One of my colleague, who participated in development of RFC
1918 confirmed it.
Your colleague was wrong. I was one of
On 5-Feb-2009, at 06:34, Christopher Morrow wrote:
to be fair, there are 3 options for multihoming today in v6 (three
sanctioned by the IETF, not ordered in any order, not including
discussion about goodness/badness/oh-god-no-ness of these)
1) multiple addresses on each device, one per
Joe Abley wrote:
4) Obtain PA space and do what you're doing with v4.
5) Obtain PI space and do what you're doing with v4.
(4) is problematic because filtering long prefixes in v6 seems to be
more energetic than it is in v4. (5) is problematic if you don't qualify
for PI space.
As more
On 5 feb 2009, at 20:06, Joe Abley wrote:
4) Obtain PA space and do what you're doing with v4.
5) Obtain PI space and do what you're doing with v4.
(4) is problematic because filtering long prefixes in v6 seems to be
more energetic than it is in v4. (5) is problematic if you don't
4) Obtain PA space and do what you're doing with v4.
(4) is problematic because filtering long prefixes in v6 seems to be
more energetic than it is in v4. (5) is problematic if you don't
qualify for PI space.
Oi, nooo
Lets not recreate the v4 issues by suggesting it's just problematic,
On Thursday 05 February 2009 04:31:28 Brandon Butterworth wrote:
I am beginning to be worried that no one [has|is willing to divulge]
that they have accomplished this . One would think that someone would
at least pipe up just for the bragging factor .
The thread seemed long and noisy
On Thu, 05 Feb 2009 10:25:44 -0500, Iljitsch van Beijnum
iljit...@muada.com wrote:
On 5 feb 2009, at 1:16, Patrick W. Gilmore wrote:
I guess I was thinking about v4 modems which do not get a subnet, just
an IP address. If we really are handing out a /64 to each DSL Cable
modem, then we
On Thu, Feb 05, 2009 at 04:44:58PM -0500, Ricky Beam wrote:
[...] I've lived quite productively behind a single IPv4 address for
nearly 15 years. I've run 1000 user networks that only used one IPv4
address for all of them. I have 2 private /24's using a single public
IPv4 address right
On 5-Feb-2009, at 13:44, Ricky Beam wrote:
This is the exact same bull as the /8 allocations in the early
days of IPv4.
There are only 256 /8s in IPv4.
There are 72,057,594,037,927,936 /56s in IPv6. If you object to where
you think this is going, then perhaps it's more palatable to
On 5 feb 2009, at 22:44, Ricky Beam wrote:
A single /64 isn't enough for a home user, because their gateway is
a router and needs a different prefix at both sides. Users may also
want to subnet their own network. So they need at least something
like a /60.
Mr. van B, your comments would
Joe Abley wrote:
Note that I am not denying the faint aroma of defecation in the air, nor
the ghost of address assignment policies past.
Maybe because by sheer coincidence 2**32 /32 is exactly the same as ipv4
2**32 /32?
Maybe because by sheer coincidence 2**48 /48 is exactly the same
1 - 100 of 229 matches
Mail list logo