On 29 July 2010 18:08, Leo Vegoda leo.veg...@icann.org wrote:
There's a good chance that in the long run multi-subnet home networks will
become the norm.
With all due respect, I can't see it. Why would a home user need
multiple subnets? Are they really likely to have CPE capable of
routing
On 2010-07-30 09:27, Matthew Walster wrote:
On 29 July 2010 18:08, Leo Vegoda leo.veg...@icann.org wrote:
There's a good chance that in the long run multi-subnet home networks will
become the norm.
With all due respect, I can't see it. Why would a home user need
multiple subnets?
*
On 30 July 2010 08:32, Jeroen Massar jer...@unfix.org wrote:
On 2010-07-30 09:27, Matthew Walster wrote:
On 29 July 2010 18:08, Leo Vegoda leo.veg...@icann.org wrote:
There's a good chance that in the long run multi-subnet home networks will
become the norm.
With all due respect, I can't
Matthew,
On Jul 30, 2010, at 9:27 AM, Matthew Walster wrote:
On 29 July 2010 18:08, Leo Vegoda leo.veg...@icann.org wrote:
There's a good chance that in the long run multi-subnet home networks will
become the norm.
Why would a home user need multiple subnets?
Even today, people are
On 30 July 2010 09:20, David Conrad d...@virtualized.org wrote:
Even today, people are deploying multiple subnets in their homes. For
example, Apple's Airport allows you to trivially set up a guest network
that uses a different prefix (192.168.0.0/24) and different SSID than your
normal
On Jul 30, 2010, at 12:27 AM, Matthew Walster wrote:
On 29 July 2010 18:08, Leo Vegoda leo.veg...@icann.org wrote:
There's a good chance that in the long run multi-subnet home networks will
become the norm.
With all due respect, I can't see it. Why would a home user need
multiple
On Jul 30, 2010, at 1:13 AM, Matthew Walster wrote:
On 30 July 2010 08:32, Jeroen Massar jer...@unfix.org wrote:
On 2010-07-30 09:27, Matthew Walster wrote:
On 29 July 2010 18:08, Leo Vegoda leo.veg...@icann.org wrote:
There's a good chance that in the long run multi-subnet home networks
Hi,
* Matthew Walster
On 30 July 2010 09:20, David Conradd...@virtualized.org wrote:
Even today, people are deploying multiple subnets in their homes.
For example, Apple's Airport allows you to trivially set up a
guest network that uses a different prefix (192.168.0.0/24) and
different SSID
On 30 July 2010 09:53, Owen DeLong o...@delong.com wrote:
2. Yes, they are already available. A moderate PC with 4 Gig-E
ports can actually route all four of them at near wire speed.
For 10/100Mbps, you can get full featured CPE like the SRX-100
for around $500.
On Fri, 30 Jul 2010 11:11:04 BST, Matthew Walster said:
Seriously, this is getting silly. I'm not even going to respond any
more - if you genuinely think users care about network management,
you're wrong. They treat it as a black box, and that isn't going to
change for a long, long, long time.
In a message written on Fri, Jul 30, 2010 at 09:13:54AM +0100, Matthew Walster
wrote:
On 30 July 2010 08:32, Jeroen Massar jer...@unfix.org wrote:
On 2010-07-30 09:27, Matthew Walster wrote:
On 29 July 2010 18:08, Leo Vegoda leo.veg...@icann.org wrote:
With all due respect, I can't see it.
Matthew Walster wrote:
On 29 July 2010 18:08, Leo Vegoda leo.veg...@icann.org wrote:
There's a good chance that in the long run multi-subnet home networks will
become the norm.
With all due respect, I can't see it. Why would a home user need
multiple subnets? Are they really likely
On Jul 30, 2010, at 3:11 AM, Matthew Walster wrote:
On 30 July 2010 09:53, Owen DeLong o...@delong.com wrote:
2. Yes, they are already available. A moderate PC with 4 Gig-E
ports can actually route all four of them at near wire speed.
For 10/100Mbps, you can get full
On Tue, 27 Jul 2010 12:34:40 -0700
Owen DeLong o...@delong.com wrote:
On Jul 27, 2010, at 12:05 PM, Akyol, Bora A wrote:
Please see comments inline.
On 7/22/10 10:13 PM, Owen DeLong o...@delong.com wrote:
In all reality:
1. NAT has nothing to do with security.
I look at this as water under the bridge. Yep, it was complicated code
and now it works. I can run bittorrent just fine beyond an Apple
wireless router and I did nothing to make that work. Micro-torrent
just communicates with the router to make the port available.
So, the security model here
On Sun, 25 Jul 2010 03:56:52 +1000
Karl Auer ka...@biplane.com.au wrote:
On Sat, 2010-07-24 at 10:42 -0700, Owen DeLong wrote:
You do have to properly set up the rules for which addresses to use for what
communication properly. It breaks less if you forego the ULA brokenness,
but, some
On 23 July 2010 01:45, Karl Auer ka...@biplane.com.au wrote:
Unless I've misunderstood Matthew, and he was suggesting that the /64 be
the link network. That would indeed effectively give the customer a
single address, unless it was being bridged rather than routed at the
CPE. Not sure bridging
On Jul 29, 2010, at 3:51 AM, Mark Smith wrote:
On Sun, 25 Jul 2010 03:56:52 +1000
Karl Auer ka...@biplane.com.au wrote:
On Sat, 2010-07-24 at 10:42 -0700, Owen DeLong wrote:
You do have to properly set up the rules for which addresses to use for what
communication properly. It breaks less
On Jul 29, 2010, at 4:08 AM, Matthew Walster wrote:
On 23 July 2010 01:45, Karl Auer ka...@biplane.com.au wrote:
Unless I've misunderstood Matthew, and he was suggesting that the /64 be
the link network. That would indeed effectively give the customer a
single address, unless it was being
To: Owen DeLong o...@delong.com
Cc: nanog@nanog.org
Date: Thu, 29 Jul 2010 16:00:40 +0100
Subject: Re: Addressing plan exercise for our IPv6 course
On 29 July 2010 15:49, Owen DeLong o...@delong.com wrote:
If we give every household on the planet a /48 (approximately 3 billion
/48s), we
On 29 Jul 2010, at 8:00, Matthew Walster wrote:
On 29 July 2010 15:49, Owen DeLong o...@delong.com wrote:
If we give every household on the planet a /48 (approximately 3 billion
/48s), we consume less than 1/8192 of 2000::/3.
There are 65,536 /48s in a /32. It's not about how available
On Jul 29, 2010, at 8:00 AM, Matthew Walster wrote:
On 29 July 2010 15:49, Owen DeLong o...@delong.com wrote:
If we give every household on the planet a /48 (approximately 3 billion
/48s), we consume less than 1/8192 of 2000::/3.
There are 65,536 /48s in a /32. It's not about how available
Why waste valuable people's time to conserve nearly valueless
renewable resources?
See my earlier comments on upsell and control. While you have some ISPs
starting from the mentality that gives us accepting incoming connections is a
chargeable extra, they're also going to be convinced that
On 2010-07-29 19:32, Tim Franklin wrote:
Why waste valuable people's time to conserve nearly valueless
renewable resources?
See my earlier comments on upsell and control. While you
have some ISPs starting from the mentality that gives us accepting
incoming connections is a chargeable
On 29 Jul 2010 12:19, Owen DeLong wrote:
On Jul 29, 2010, at 8:00 AM, Matthew Walster wrote:
On 29 July 2010 15:49, Owen DeLong o...@delong.com wrote:
If we give every household on the planet a /48 (approximately 3 billion
/48s), we consume less than 1/8192 of 2000::/3.
On Jul 29, 2010, at 10:32 AM, Tim Franklin wrote:
Why waste valuable people's time to conserve nearly valueless
renewable resources?
See my earlier comments on upsell and control. While you have some ISPs
starting from the mentality that gives us accepting incoming connections is
a
On Jul 29, 2010, at 10:41 AM, Stephen Sprunk wrote:
On 29 Jul 2010 12:19, Owen DeLong wrote:
On Jul 29, 2010, at 8:00 AM, Matthew Walster wrote:
On 29 July 2010 15:49, Owen DeLong o...@delong.com wrote:
If we give every household on the planet a /48 (approximately 3 billion
/48s), we
Owen DeLong wrote:
If you want to build a business based on upsell and control by trying
to convince users that they should give you extra money to provision
a resource that costs you virtually nothing, then more power to you.
However, I think this will, in the end, be as popular as
Jeroen Massar wrote:
See my earlier comments on upsell and control. While you
have some ISPs starting from the mentality that gives us accepting
incoming connections is a chargeable extra, they're also going
to be convinced that there's a revenue opportunity in segmenting
customers who want
Please see comments inline.
On 7/22/10 10:13 PM, Owen DeLong o...@delong.com wrote:
In all reality:
1. NAT has nothing to do with security. Stateful inspection provides
security, NAT just mangles addresses.
Of course, the problem is that there are millions of customers that
On Jul 27, 2010, at 12:05 PM, Akyol, Bora A wrote:
Please see comments inline.
On 7/22/10 10:13 PM, Owen DeLong o...@delong.com wrote:
In all reality:
1. NAT has nothing to do with security. Stateful inspection provides
security, NAT just mangles addresses.
Of course,
On Jul 24, 2010, at 10:35 PM, Doug Barton wrote:
On Sat, 24 Jul 2010, Brandon Butterworth wrote:
Eventually ARIN (or someone else will do it for them) may create a site
...
Did you mean something like this maybe ?:
http://www.sixxs.net/tools/grh/ula/
Q.E.D.
The RFC seeks to avoid
On Jul 25, 2010, at 8:10 AM, Owen DeLong wrote:
The logical candidate to operate option 1 was the IANA, and the RIRs were
having none of that. (For bonus points, explain how the RIRs continue to
exist if everyone can have all of the guaranteed-globally-unique IPv6 space
they wanted for
Doug Barton wrote:
having none of that. (For bonus points, explain how the RIRs continue to
exist if everyone can have all of the guaranteed-globally-unique IPv6
space they wanted for free.)
whois. what did I win? IANA can handle very basic assignments, but
hasn't the staff for large support
David Conrad wrote:
On Jul 24, 2010, at 7:52 PM, Brandon Butterworth wrote:
Indeed, best not listen to vendors
As it is best not to listen to doctors that tell you if you continue chain
smoking or eating 5000 calories a day, you'll likely regret it.
Bad analogy. A doctor tells you these
On Jul 25, 2010, at 8:42 AM, Jack Bates wrote:
Doug Barton wrote:
having none of that. (For bonus points, explain how the RIRs continue to
exist if everyone can have all of the guaranteed-globally-unique IPv6 space
they wanted for free.)
whois.
http://whois.iana.org
what did I win? IANA
On Jul 25, 2010, at 8:56 AM, Jack Bates wrote:
David Conrad wrote:
On Jul 24, 2010, at 7:52 PM, Brandon Butterworth wrote:
Indeed, best not listen to vendors
As it is best not to listen to doctors that tell you if you continue chain
smoking or eating 5000 calories a day, you'll likely regret
whois. what did I win? IANA can handle very basic assignments, but
hasn't the staff for large support or extra services (whois, POC
management/validity, routing registry).
routing registry not necessarily needed from address registry.
and i am sure even the icann/iana could do the combined
On Sun, 25 Jul 2010, Jack Bates wrote:
Doug Barton wrote:
having none of that. (For bonus points, explain how the RIRs continue to
exist if everyone can have all of the guaranteed-globally-unique IPv6 space
they wanted for free.)
whois. what did I win? IANA can handle very basic
On Sat, 24 Jul 2010, Owen DeLong wrote:
On Jul 24, 2010, at 10:35 PM, Doug Barton wrote:
On Sat, 24 Jul 2010, Brandon Butterworth wrote:
Eventually ARIN (or someone else will do it for them) may create a
site
...
Did you mean something like this maybe ?:
On Sun, 2010-07-25 at 01:42 -0500, Jack Bates wrote:
This is my concern. A business would rather be assured uniqueness over
gambling, no matter what the odds. Given no additional services are
needed, the administration cost is the same as handing out snmp
enterprise oids. The fact that the
On (2010-07-25 17:32 +1000), Karl Auer wrote:
The risk of a ULA prefix conflict is for *all practical purposes* zero.
http://www.wolframalpha.com/input/?i=1-((2^40)!)%2F((2^40)^100+((2^40)-100)!)+
It wouldn't puke nice graph with 'n', it did try, but never finished.
So if there are
On Sun, 25 Jul 2010 09:01:33 +0200
David Conrad d...@virtualized.org wrote:
On Jul 25, 2010, at 8:42 AM, Jack Bates wrote:
Doug Barton wrote:
having none of that. (For bonus points, explain how the RIRs continue to
exist if everyone can have all of the guaranteed-globally-unique IPv6
On Sun, 25 Jul 2010 11:40:19 +0300
Saku Ytti s...@ytti.fi wrote:
On (2010-07-25 17:32 +1000), Karl Auer wrote:
The risk of a ULA prefix conflict is for *all practical purposes* zero.
http://www.wolframalpha.com/input/?i=1-((2^40)!)%2F((2^40)^100+((2^40)-100)!)+
It wouldn't
On Sat, 24 Jul 2010 22:35:07 PDT, Doug Barton said:
having none of that. (For bonus points, explain how the RIRs continue to
exist if everyone can have all of the guaranteed-globally-unique IPv6
space they wanted for free.)
The same way that companies are making money selling people credit
On Sun, 25 Jul 2010 11:40:19 +0300, Saku Ytti said:
On (2010-07-25 17:32 +1000), Karl Auer wrote:
The risk of a ULA prefix conflict is for *all practical purposes* zero.
http://www.wolframalpha.com/input/?i=1-((2^40)!)%2F((2^40)^100+((2^40)-100)!)+
It wouldn't puke nice
On (2010-07-25 10:28 -0400), valdis.kletni...@vt.edu and Mark Smith wrote
similarly:
http://www.wolframalpha.com/input/?i=1-((2^40)!)%2F((2^40)^100+((2^40)-100)!)+
So if there are million assigned ULA's there is 36.5% chance of collision,
if
formula is right.
Bzzt! Wrong,
On Jul 24, 2010, at 11:40 PM, David Conrad wrote:
On Jul 25, 2010, at 8:10 AM, Owen DeLong wrote:
The logical candidate to operate option 1 was the IANA, and the RIRs were
having none of that. (For bonus points, explain how the RIRs continue to
exist if everyone can have all of the
For bonus points, explain how the numbers side of IANA pays for anything
when the RIRs stop funding it?
David already answered more eloquently than I could, so I'll simply add that
what he said applied when I was there as well. The IANA is, and always has
been a cost center. You don't
If an expert stood up in court and said the chances that this
fingerprint is the defendant's are a million to one, and the
prosecutor then said Aha! So you admit it's *possible*! we would
rightly scorn the prosecutor for being an innumerate nincompoop. Yet
here we are paying serious heed to
On Jul 25, 2010, at 6:02 PM, Owen DeLong wrote:
My point was that as a cost center, IANA depends on funding from other
sources. The RIRs are a major source of that funding.
I guess it depends on your definition of major. From section 5.1 of ICANN's
draft FY11 budget
On Sun, 2010-07-25 at 16:19 +, Nathan Eisenberg wrote:
If an expert stood up in court and said the chances that this
fingerprint is the defendant's are a million to one, and the
prosecutor then said Aha! So you admit it's *possible*! we would
rightly scorn the prosecutor for being an
On Jul 25, 2010, at 11:54 AM, David Conrad wrote:
On Jul 25, 2010, at 6:02 PM, Owen DeLong wrote:
My point was that as a cost center, IANA depends on funding from other
sources. The RIRs are a major source of that funding.
I guess it depends on your definition of major. From section 5.1
Owen DeLong o...@delong.com writes:
for NAT. Enterprises of non-trivial size will likely use RFC4193 (and I
fear we will notice PRNG returning 0 very often) and then NAT it to
provider provided public IP addresses.
Why on earth would you do that? Why not just put the provider-assigned
Saku Ytti s...@ytti.fi writes:
RFC4193 + NAT quite simply is what they know and are comfortable with.
NAT is *not simple*. NAT adds one more layer of complexity. When
using multiple NAT things get worse.
In most cases people don't want or need NAT they are just used to it and
old habits die
Owen DeLong o...@delong.com writes:
You know that, I know that and (hopefully) all people on this list know
that. But NAT == security was and still is sold by many people.
So is snake oil.
Ack, but people are still buying snake oil too.
After one of my talks about IPv6 the firewall
On Mon, Jul 26, 2010 at 06:24:04AM +0200, Jens Link wrote:
Owen DeLong o...@delong.com writes:
The correct answer is No, you don't have to configure rules, you just need
one rule supplied by default which denies anything that doesn't have a
corresponding outbound entry in the state table
Owen,
Correct, now, what portion of ICANN's budget is related to the NRO sector?
Read the ICANN budget. ICANN does not budget things that way.
You asked explain how the numbers side of IANA pays for anything when the RIRs
stop funding it?
Doug and I, who have a bit of knowledge on the
I tend to think a /60 is a reasonable allocation for a residential user. In my
home I have two subnets and will in time likely add two more:
- general network access
- my office (required to be separate by Cisco Information Security policy)
- (future) would likely want routable separate
On (2010-07-24 03:50 -0400), valdis.kletni...@vt.edu wrote:
Firewall != NAT. The former is still needed in IPv6, the latter is not. And
I
suspect that most Joe Sixpacks think of that little box they bought as a
Maybe you are talking strictly in context of residential DSL, in which case
I
On Jul 23, 2010, at 1:26 PM, Matthew Kaufman wrote:
sth...@nethelp.no wrote:
It is not about how many devices, it is about how many subnets, because you
may want to keep them isolated, for many reasons.
It is not just about devices consuming lots of bandwidth, it is also about
many small
On Jul 24, 2010, at 1:29 AM, Saku Ytti wrote:
On (2010-07-24 03:50 -0400), valdis.kletni...@vt.edu wrote:
Firewall != NAT. The former is still needed in IPv6, the latter is not.
And I
suspect that most Joe Sixpacks think of that little box they bought as a
Maybe you are talking
On (2010-07-24 02:13 -0700), Owen DeLong wrote:
This is non-technical problem, enterprises of non-trivial size can't
typically even tell without months of research all the devices and software
where they've written down the IP addresses.
Sounds like they haven't written them down very
Owen DeLong wrote:
Why on earth would you do that? Why not just put the provider-assigned
addresses on the interfaces along side the ULA addresses? Using ULA
in that manner is horribly kludgy and utterly unnecessary.
Because, although one of the original goals of IPv6 was for hosts to be
On Sat, 2010-07-24 at 08:50 -0700, Matthew Kaufman wrote:
Even if all your hosts end up with external connectivity that works, the odds
that they can reliably talk to each other is low.
I hope I'm not taking the above quote out of context, but why do you
think this? How does the fact that
Enterprises of non-trivial size will likely use RFC4193 (and I
fear we will notice PRNG returning 0 very often) and then NAT it to
provider provided public IP addresses.
Eventually ARIN (or someone else will do it for them) may create a site
you can register your address and know that it
On Jul 24, 2010, at 6:40 PM, Brandon Butterworth wrote:
Such a site would be the seed for when (if) we come up with the tech
for everyone to have PI and lose all the restrictions imposed so far.
Oh, we have the technology. It's called memory. Speaking from the perspective
of a vendor, I'll
Eventually ARIN (or someone else will do it for them) may create a site
you can register your address and know that it really is unique
among participating registrants. Random is fine, unique is better.
Such a site would be the seed for when (if) we come up with the tech
for everyone to have
On Jul 24, 2010, at 8:50 AM, Matthew Kaufman wrote:
Owen DeLong wrote:
Why on earth would you do that? Why not just put the provider-assigned
addresses on the interfaces along side the ULA addresses? Using ULA
in that manner is horribly kludgy and utterly unnecessary.
Because, although
Eventually ARIN (or someone else will do it for them) may create a site
...
Did you mean something like this maybe ?:
http://www.sixxs.net/tools/grh/ula/
Q.E.D.
The RFC seeks to avoid a registry so we end up with the potential for
many as a result. May as well have had ARIN do it
Such a site would be the seed for when (if) we come up with the tech
for everyone to have PI and lose all the restrictions imposed so far.
Oh, we have the technology. It's called memory
If that were viable then we'd be doing it.
Speaking from the perspective of a vendor, I'll happily
On Jul 24, 2010, at 9:23 AM, Karl Auer wrote:
On Sat, 2010-07-24 at 08:50 -0700, Matthew Kaufman wrote:
Even if all your hosts end up with external connectivity that works, the
odds
that they can reliably talk to each other is low.
I hope I'm not taking the above quote out of context,
On Sat, 2010-07-24 at 10:42 -0700, Owen DeLong wrote:
You do have to properly set up the rules for which addresses to use for what
communication properly. It breaks less if you forego the ULA brokenness,
but, some people insist for whatever reason.
What is the ULA brokenness?
Regards, K.
--
On Jul 24, 2010, at 9:40 AM, Brandon Butterworth wrote:
Enterprises of non-trivial size will likely use RFC4193 (and I
fear we will notice PRNG returning 0 very often) and then NAT it to
provider provided public IP addresses.
Eventually ARIN (or someone else will do it for them) may create
On Sat, 2010-07-24 at 18:49 +0100, Brandon Butterworth wrote:
Did you mean something like this maybe ?:
http://www.sixxs.net/tools/grh/ula/
Q.E.D.
The RFC seeks to avoid a registry so we end up with the potential for
many as a result. May as well have had ARIN do it officially in the
The RFC provides for two address ranges in fc00::/7, one for random
prefixes (fc00::/8), the other reserved for later management (fd00::/8).
Later, in some undefined way. A PI lacking enterprise considering
doing v6 this way either waits or decides the available space will do
as someone will
Karl Auer wrote:
The random one allows for swift, bureaucracy-free self-allocation. The
more important it is to you that your allocation be unique, the more
careful you will be to choose a truly random one.
If it is that important, you'd prefer a managed solution, not a truly
random one.
On Sat, 24 Jul 2010 18:49:55 BST, Brandon Butterworth said:
The RFC seeks to avoid a registry so we end up with the potential for
many as a result. May as well have had ARIN do it officially in the
first place so there'd only be one.
Given our failure rate with registries of AS numbers, IP
On Jul 24, 2010, at 11:41 AM, Brandon Butterworth wrote:
The RFC provides for two address ranges in fc00::/7, one for random
prefixes (fc00::/8), the other reserved for later management (fd00::/8).
Later, in some undefined way. A PI lacking enterprise considering
doing v6 this way either
On Sat, 2010-07-24 at 14:07 -0500, Jack Bates wrote:
The chance that any
random prefix will conflict with any chosen prefix is very, very small.
The chance that two conflicting prefixes would belong to entities that
will ever actually interact is even smaller. Makes it an interesting
On Jul 24, 2010, at 7:52 PM, Brandon Butterworth wrote:
Such a site would be the seed for when (if) we come up with the tech
for everyone to have PI and lose all the restrictions imposed so far.
Oh, we have the technology. It's called memory
If that were viable then we'd be doing it.
We are.
On Sat, 24 Jul 2010 10:57:49 -0700
Owen DeLong o...@delong.com wrote:
On Jul 24, 2010, at 9:40 AM, Brandon Butterworth wrote:
Enterprises of non-trivial size will likely use RFC4193 (and I
fear we will notice PRNG returning 0 very often) and then NAT it to
provider provided public IP
On Sat, 24 Jul 2010 19:41:18 +0100 (BST)
Brandon Butterworth bran...@rd.bbc.co.uk wrote:
The RFC provides for two address ranges in fc00::/7, one for random
prefixes (fc00::/8), the other reserved for later management (fd00::/8).
Later, in some undefined way. A PI lacking enterprise
On Sat, 24 Jul 2010, Brandon Butterworth wrote:
Eventually ARIN (or someone else will do it for them) may create a site
...
Did you mean something like this maybe ?:
http://www.sixxs.net/tools/grh/ula/
Q.E.D.
The RFC seeks to avoid a registry so we end up with the potential for
many as a
On 23 jul 2010, at 01:33, Matthew Walster wrote:
On 22 July 2010 14:11, Alex Band al...@ripe.net wrote:
There are more options, but these two are the most convenient weighing all
the up and downsides. Does anyone disagree?
I never saw the point of assigning a /48 to a DSL customer. Surely
Home wifi router vendors will do whatever it takes to make this work, so of
course in your scenario they simply implement NAT66 (whether or not IETF
folks think it is a good idea) however they see fit and nobody calls.
This will greatly help in deploying IPv6...here is another NAT because
However, even then, there is no guarantee that the common denominator CPE for
this service wont have NAT66 features, maybe even turned on by default.
I've tested a lot of CPE's and haven't come across one that supports NAT66,
they all do support DHCPv6 prefix delegation and actually most of
humans
like complicated life !
Regards,
Jordi
From: Marco Hogewoning mar...@marcoh.net
Reply-To: mar...@marcoh.net
Date: Fri, 23 Jul 2010 10:06:43 +0200
To: Matthew Walster matt...@walster.org
Cc: nanog list nanog@nanog.org
Subject: Re: Addressing plan exercise for our IPv6 course
On 23
Owen DeLong o...@delong.com writes:
In all reality:
1.NAT has nothing to do with security. Stateful inspection provides
security, NAT just mangles addresses.
You know that, I know that and (hopefully) all people on this list know
that. But NAT == security was and still is sold by
Owen DeLong wrote:
Well, wouldn't it be better if the provider simply issued enough space to
make NAT66 unnecessary?
The thing is, IPv6 is 128 bits of address space, so a /64 for your home
*really* should be enough to have 1 machine online at a time.
It'll be a lot easier to change the
to address all end sites.
Regards,
Jordi
From: Matthew Kaufman matt...@matthew.at
Reply-To: matt...@matthew.at
Date: Fri, 23 Jul 2010 07:04:17 -0700
To: Owen DeLong o...@delong.com
Cc: nanog list nanog@nanog.org
Subject: Re: Addressing plan exercise for our IPv6 course
Owen DeLong wrote
JORDI PALET MARTINEZ wrote:
And then next you can say ok, so /32 bits is big enough for your home, so
let's change it again, kill autoconfiguration, ask existing IPv6 users to
redo their addressing plans, renumber, etc., and use all the rest of the
bits for routing ?
I *really* don't
exercise for our IPv6 course
JORDI PALET MARTINEZ wrote:
And then next you can say ok, so /32 bits is big enough for your home, so
let's change it again, kill autoconfiguration, ask existing IPv6 users to
redo their addressing plans, renumber, etc., and use all the rest of the
bits for routing
...@matthew.at
Reply-To: matt...@matthew.at
Date: Fri, 23 Jul 2010 07:22:53 -0700
To: Jordi Palet Martínez jordi.pa...@consulintel.es
Cc: nanog@nanog.org
Subject: Re: Addressing plan exercise for our IPv6 course
JORDI PALET MARTINEZ wrote:
And then next you can say ok, so /32 bits is big
On Jul 23, 2010, at 2:50 AM, Jens Link wrote:
Owen DeLong o...@delong.com writes:
In all reality:
1. NAT has nothing to do with security. Stateful inspection provides
security, NAT just mangles addresses.
You know that, I know that and (hopefully) all people on this list know
It is not about how many devices, it is about how many subnets, because you
may want to keep them isolated, for many reasons.
It is not just about devices consuming lots of bandwidth, it is also about
many small sensors, actuators and so.
I have no problems with giving the customer several
Owen DeLong wrote:
On Jul 22, 2010, at 9:51 PM, Joe Maimon wrote:
Funny how so much concern is given to eliminating the possibility of end users
returning for more space, yet for ISP's we have no real concern with what will
happen when they near depletion of their /32 what with /48s
sth...@nethelp.no wrote:
It is not about how many devices, it is about how many subnets, because you
may want to keep them isolated, for many reasons.
It is not just about devices consuming lots of bandwidth, it is also about
many small sensors, actuators and so.
I have no problems with
-Original Message-
From: Matthew Kaufman [mailto:matt...@matthew.at]
Sent: Thursday, July 22, 2010 8:38 PM
To: valdis.kletni...@vt.edu
Cc: nanog list
Subject: Re: Addressing plan exercise for our IPv6 course
Home wifi router vendors will do whatever it takes to make this work,
so
On Fri, 2010-07-23 at 17:53 +0200, sth...@nethelp.no wrote:
And I'm not saying to forget about what we have learn with DHCP, in
fact DHCPv6 has many new and good features, but for many reasons,
autonconfiguration is good enough, and much more simple.
[...]
For our scenarios DHCPv6 is
1 - 100 of 125 matches
Mail list logo