On Mon, 9 Feb 2009, Ricky Beam wrote:
On Sat, 07 Feb 2009 14:31:57 -0500, Stephen Sprunk step...@sprunk.org
wrote:
Non-NAT firewalls do have some appeal, because they don't need to mangle
the packets, just passively observe them and open pinholes when
appropriate.
This is exactly the same
On Tue, 10 Feb 2009 18:03:40 +1100, Matthew Palmer said:
Considering that RFC1918 says nothing about IPv at all, could that be a
blocker for deployment in general? That'd also make for an interesting
discussion re: other legacy protocols (IPX, anyone?)...
I was all set to call shenanigans on
IPTables is decent firewall code.
Not really. It's quite complicated for a non-engineer type to manage.
Think of all the unpatched windows xp/vista users of the world.
It's free.
...
Further, since more and more CPE is being built on embedded linux,
there's no reason that IPTables isn't a
The SOX auditor ought to know better. Any auditor that
requires NAT is incompenent.
Sadly, there are many audit REQUIREMENTS explicitly naming NAT and
RFC1918 addressing ...
SOX auditors are incompetent. I've been asked about anti-virus
software on UNIX servers and then asked to
However the PCI DSS does contain a Compensating controls section, which
allows for the use of functionality which provide[s] a similar level of
defense to the stated requirements, where the stated requirements can not
be followed due to legitimate technical or documented business
constraints
Now
Considering that RFC1918 says nothing about IPv at all,
That may technically be true, but it does explicitly reference IPv4
addresses.
Oh, and when RFC1918 (or more correctly, RFC1597) was written, IP,
TCP/IP, etc. all directly meant IPv4.
(RFC1597 @ 03/94 ... RFC1883 @ 12/95)
On Feb 10, 2009, at 8:52 AM, TJ wrote:
Current versions of the rest (HIPAA, GLBA, SOX, FIPS, etc.) simply
tend to
omit IPv6 completely, and generally require everything not
explicitly called
out to be disabled ... thus, no IPv6 on any network that falls under
any of
these regulations.
Current versions of the rest (HIPAA, GLBA, SOX, FIPS, etc.) simply
tend to omit IPv6 completely, and generally require everything not
explicitly called out to be disabled ... thus, no IPv6 on any network
that falls under any of these regulations.
TJ - You attempted to say that for PCI, and
On Mon, 09 Feb 2009 21:11:50 -0500, TJ trej...@gmail.com wrote:
Your routers fail frequently? And does your traffic continue to get
forwarded? Perhaps through another router?
More frequently than the DHCP server, but neither are frequent events.
Cisco's software is not 100% perfect, and
Your routers fail frequently? And does your traffic continue to get
forwarded? Perhaps through another router?
More frequently than the DHCP server, but neither are frequent events.
Cisco's software is not 100% perfect, and when you plug it into moderately
unstable things like phone lines
On 10/02/2009, at 3:20 PM, Christopher Morrow wrote:
IPv6 it's easier, but you're still limiting the uptime of your
system to
that of the DHCPv6 server. Router advertisements is much more
robust.
'more robust'... except it doesnt' actually get a device into a usable
state without admins
On 11/02/2009, at 10:41 AM, Ricky Beam wrote:
It's useless. It does NOT provide enough information alone for a
host to function. In your own words, you need a DNS server. That
is NOT provided by RA thus requires yet another system to get that
bit of configuration to the host -- either
On Feb 10, 2009, at 4:30 PM, TJ wrote:
But that is my point - Do any of the compliance frameworks /
requirements /
audit standards today address IPv6, or detail how it could be
implemented in
such a fashion as to 'pass' an audit (including the in-house /
consultant-specific audit
In message op.uo5nvrmrtfh...@rbeam.xactional.com, Ricky Beam writes:
On Mon, 09 Feb 2009 21:11:50 -0500, TJ trej...@gmail.com wrote:
Your routers fail frequently? And does your traffic continue to get
forwarded? Perhaps through another router?
More frequently than the DHCP server, but
On Thu, Feb 05, 2009 at 07:19:37PM -0500, Robert D. Scott wrote:
Wii should not even consider developing a cool new protocol for the Wii
that is not NAT compliant via V4 or V6. And if they do, we should elect a
NANOG regular to go POSTAL and handle the problem. The solution to many of
these
On Mon, 9 Feb 2009, Andy Davidson wrote:
On Thu, Feb 05, 2009 at 07:19:37PM -0500, Robert D. Scott wrote:
Wii should not even consider developing a cool new protocol for the Wii
that is not NAT compliant via V4 or V6. And if they do, we should elect a
NANOG regular to go POSTAL and handle
So far as I am aware, this is default behaviour only on certain versions of
Mac OSX, and must be explicitly enabled on all others.
Manually, on the console. RA does not dynamically distribute this
behaviour; the client has to choose it. Usually it is a sysctl or a
registry variable or the like.
On Fri, 06 Feb 2009 22:32:10 -0500, Owen DeLong o...@delong.com wrote:
IPTables is decent firewall code.
Not really. It's quite complicated for a non-engineer type to manage.
Think of all the unpatched windows xp/vista users of the world.
It's free.
...
Further, since more and more CPE
On Sat, 07 Feb 2009 14:31:57 -0500, Stephen Sprunk step...@sprunk.org
wrote:
Non-NAT firewalls do have some appeal, because they don't need to mangle
the packets, just passively observe them and open pinholes when
appropriate.
This is exactly the same with NAT and non-NAT -- making any
Ricky Beam wrote:
On Sat, 07 Feb 2009 14:31:57 -0500, Stephen Sprunk step...@sprunk.org
wrote:
Non-NAT firewalls do have some appeal, because they don't need to mangle
the packets, just passively observe them and open pinholes when
appropriate.
This is exactly the same with NAT and non-NAT --
On Sat, Feb 7, 2009 at 5:56 PM, Matthew Moyle-Croft
m...@internode.com.auwrote:
My issue is that customers have indicated that they feel statics are a
given for IPv6 and this would be a problem if I went from tens of thousands
of statics to hundreds of thousands of static routes (ie. from a
On 10/02/2009, at 11:35 AM, Scott Howard wrote:
Go and ask those people who feel statics are a given for IPv6 if
they
would prefer static or dynamic IPv4 addresses, and I suspect most/
all of
them will want the static there too. Now ask your average user the
same
question and see if you
On Feb 9, 2009, at 2:11 PM, Ricky Beam wrote:
On Sat, 07 Feb 2009 14:31:57 -0500, Stephen Sprunk
step...@sprunk.org wrote:
Non-NAT firewalls do have some appeal, because they don't need to
mangle
the packets, just passively observe them and open pinholes when
appropriate.
This is exactly
On Fri, 06 Feb 2009 09:39:01 -0500, Iljitsch van Beijnum
iljit...@muada.com wrote:
If you want the machine to always have the same address, either enter
it manually or set your DHCP server to always give it the same address.
Manual configuration doesn't scale. With IPv4, it's quite hard to
Nathan Ward wrote:
On 10/02/2009, at 11:35 AM, Scott Howard wrote:
Go and ask those people who feel statics are a given for IPv6 if they
would prefer static or dynamic IPv4 addresses, and I suspect most/all of
them will want the static there too. Now ask your average user the same
question
Ricky Beam wrote:
On Sat, 07 Feb 2009 14:31:57 -0500, Stephen Sprunk
step...@sprunk.org wrote:
Non-NAT firewalls do have some appeal, because they don't need to
mangle the packets, just passively observe them and open pinholes
when appropriate.
This is exactly the same with NAT and non-NAT
On 10/02/2009, at 9:54 AM, Stephen Sprunk wrote:
Yes, an ALG needs to understand the packet format to open pinholes
-- but with NAT, it also needs to mangle the packets. A non-NAT
firewall just examines the packets and then passes them on unmangled.
Sure, but at the end of the day a
On Feb 9, 2009, at 3:33 PM, Mark Newton wrote:
On 10/02/2009, at 9:54 AM, Stephen Sprunk wrote:
Yes, an ALG needs to understand the packet format to open pinholes
-- but with NAT, it also needs to mangle the packets. A non-NAT
firewall just examines the packets and then passes them on
On 10/02/2009, at 10:17 AM, Owen DeLong wrote:
Sure, but at the end of the day a non-NAT firewall is just a
special case
of NAT firewall where the inside and outside addresses happen to
be the same.
Uh, that's a pretty twisted view. I would say that NAT is a special
additional capability
Owen DeLong wrote:
In terms of implementing the code, sure, the result is about the same,
but, the key point here is that there really isn't a benefit to having that
packet mangling code in IPv6.
Unless your SOX auditor requires it in order to give you a non-qualified
audit of your
In message 4990c38c.8060...@eeph.com, Matthew Kaufman writes:
Owen DeLong wrote:
In terms of implementing the code, sure, the result is about the same,
but, the key point here is that there really isn't a benefit to having that
packet mangling code in IPv6.
Unless your SOX auditor
Mark Newton wrote:
Fine, you don't like rewriting L3 addresses and L4 port numbers. Yep,
I get that. Relevance?
Just out of what I like and might use, GRE (no port), ESP (no port), AH
(no port), SCTP (would probably work fine with NAT, but I haven't seen
it supported yet and because every
On 10/02/2009, at 11:03 AM, Jack Bates wrote:
There is if you have a dual-stack device, your L4-and-above protocols
are the same under v4 and v6, and you don't want to reinvent the
ALG wheel.
ALG only fixes some problems, and it's not required for as much when
address translations are
Mark Newton wrote:
On a commodity consumer CPE device, the ALG code doubles as a
stateful inspection engine.
So it _is_ required when address translations are not being performed.
H, the code may be there, but I suspect that not all of it will
apply to v6 and be used.
Is security
As I read it, you don't want to use DHCP because it's an other service to
fail. Well, what do you think is broadcasting RA's? My DHCP servers have
proven far more stable than my routers. (and one of them is a windows
server
:-)) Most dhcp clients that keep any state will continue using the
The SOX auditor ought to know better. Any auditor that
requires NAT is incompenent.
Sadly, there are many audit REQUIREMENTS explicitly naming NAT and RFC1918
addressing ...
In message 00cf01c98b24$efe42680$cfac73...@com, TJ writes:
Also, it is not true in every case that hosts need a lot more than an
address.
In many cases all my machine needs is an address, default gateway and DNS
server (cheat off of v4 | RFC5006 | Stateless DHCPv6).
address + default
On Mon, 9 Feb 2009 21:16:49 -0500
TJ trej...@gmail.com wrote:
The SOX auditor ought to know better. Any auditor that
requires NAT is incompenent.
Sadly, there are many audit REQUIREMENTS explicitly naming NAT and
RFC1918 addressing ...
SOX auditors are incompetent. I've been
On Mon, Feb 9, 2009 at 6:16 PM, Ricky Beam jfb...@gmail.com wrote:
On Fri, 06 Feb 2009 09:39:01 -0500, Iljitsch van Beijnum
iljit...@muada.com wrote:
If you want the machine to always have the same address, either enter it
manually or set your DHCP server to always give it the same address.
John Peach wrote:
On Mon, 9 Feb 2009 21:16:49 -0500
TJ trej...@gmail.com wrote:
The SOX auditor ought to know better. Any auditor that
requires NAT is incompenent.
Sadly, there are many audit REQUIREMENTS explicitly naming NAT and
RFC1918 addressing ...
SOX auditors are
The SOX auditor ought to know better. Any auditor that
requires NAT is incompenent.
Sadly, there are many audit REQUIREMENTS explicitly naming NAT and
RFC1918 addressing ...
SOX auditors are incompetent. I've been asked about anti-virus software on
UNIX servers and then asked to
TJ wrote:
When the compliance explicitly requires something they are required to check
for it, they don't have the option of ignoring or waving requirements ...
and off the top of my head I don't recall if it is SOX that calls for
RFC1918 explicitly but I know there are some that do.
I believe
Why would anyone NOT want that?? what replaces that option in current RA
deployments?
One nit - I like to differentiate between the presence of RAs (which should
be every user where IPv6 is present) and the use of SLAAC (RA + prefix).
Right now - Cheat off of IPv4's config.
(Lack of DHCPv6
@nanog.org
Subject: Re: v6 DSL / Cable modems [was: Private use of non-RFC1918 IP
space
snip
DSL and cable modems are extremely simple devices. I'm amazed they have
any amount of router in them at all. And I've yet to see one running
Linux. (the 2 popular brands around here -- westell and motorola
In message 00df01c98b27$3181b7e0$948527...@com, TJ writes:
The SOX auditor ought to know better. Any auditor that
requires NAT is incompenent.
Sadly, there are many audit REQUIREMENTS explicitly naming NAT and
RFC1918 addressing ...
SOX auditors are incompetent. I've been asked
When the compliance explicitly requires something they are required to
check for it, they don't have the option of ignoring or waving
requirements ...
and off the top of my head I don't recall if it is SOX that calls for
RFC1918 explicitly but I know there are some that do.
I believe that
Mark Andrews wrote:
Please cite references.
I can find plenty of firewall required references but I'm
yet to find a NAT and/or RFC 1918 required.
(Skip if you've participated in a SOX audit from the IT department POV)
The way it works is that the law doesn't call for
On Mon, Feb 9, 2009 at 9:47 PM, TJ trej...@gmail.com wrote:
Why would anyone NOT want that?? what replaces that option in current RA
deployments?
One nit - I like to differentiate between the presence of RAs (which should
be every user where IPv6 is present) and the use of SLAAC (RA + prefix).
On Tue, Feb 10, 2009 at 02:16:10PM +1100, Mark Andrews wrote:
In message 00df01c98b27$3181b7e0$948527...@com, TJ writes:
[...SOX auditor stuff...]
When the compliance explicitly requires something they are required to check
for it, they don't have the option of ignoring or waving
security by obscurity is not the way, everyone knows it.
those guys will figure it out sooner or later (where later, might take ages).
in the meanwhile, a lot have pseudo-secured networks thru triple-nat,
quadruple-nat, multiple ipsec'd layered and so, and others live with the hammer
in their
On Mon, Feb 9, 2009 at 9:54 PM, John Osmon jos...@rigozsaurus.com wrote:
It isn't SOX, but sadly enough, PCI DSS Requirement 1.5 says:
Implement IP address masquerading to prevent internal addresses from
being translated and revealed on the Internet. Use technologies that
implement RFC
On Mon, Feb 09, 2009 at 09:27:59PM -0500, TJ wrote:
The SOX auditor ought to know better. Any auditor that
requires NAT is incompenent.
Sadly, there are many audit REQUIREMENTS explicitly naming NAT and
RFC1918 addressing ...
SOX auditors are incompetent. I've been asked about
I suppose you can individually configure every host to get itself
temporary addresses from RA announcements. This isn't usually a
good default configuration, but OS implementation already seems to
be inconsistent on the default configuration here. So we're back to
the IPv4 dark ages
On Feb 7, 2009, at 2:09 AM, Nathan Ward wrote:
On 6/02/2009, at 12:00 PM, Joe Maimon wrote:
This assignment policy is NOT enough for every particle of sand on
earth, which is what I thought we were getting.
There is enough for 3616 /64s, or 14 /56s per square centimetre of
the earth's
I suppose you can individually configure every host to get itself
temporary addresses from RA announcements. This isn't usually a
good default configuration, but OS implementation already seems to
be inconsistent on the default configuration here. So we're back to
the IPv4 dark ages
as I've said a few times now, reason #775 that autoconf is a broken and
non-
useful 'gadget' for network operators. There is a system today that does
lots of client-conf (including the simple default-route +
dns-server) called DHCP, there MUST be a similarly featured system in the
'new world
What most people do of course is VRRP.
Sure, or HSRP or GLBP ... all still doable.
Barring that, you just specify multiple default routers, and the client
will
select the router that still responds to ARP. But support for this is not
universal, so.
Indeed, not universal and in fact default
On Sat, Feb 07, 2009 at 07:51:36PM +1300, Nathan Ward wrote:
I'm not sure, but you seem to be implying that you need to configure hosts
to tell them to use RA or DHCPv6 to get addresses. My apologies if this is
not your intention.
Close, but it is worth clearing up.
RA messages are always
Matthew Moyle-Croft wrote:
Stephen Sprunk wrote:
You must be very sheltered. Most end users, even security folks at
major corporations, think a NAT box is a firewall and disabling NAT
is inherently less secure. Part of that is factual: NAT (er, dynamic
PAT) devices are inherently
But I don't see how you could route some
/48s without having software to route all /48s and that is hugemongous.
As currently spec'ed, you [would|should|could] allow /48s from the specific
PI ranges (1/RIR?) - not just auto-accept all /48s.
/TJ
It would be nice if DHCPv6 (or DHCPv4 for that matter) could include not
only a default, but, a static routing table in what it distributes.
In theory, RAs can - more specific routes, although I don't believe any
vendor (router or client side) supports these as of yet ...
(Default Router
Bill Stewart wrote:
That's not because it's doing dynamic address assignment - it's
because you're only advertising the aggregate route from the
BRAS/DSLAM/etc., and you can just as well do the same thing if you're
using static addresses.
Customers can land on one of a fleet of large BRAS
In message 498bddac.7060...@eeph.com, Matthew Kaufman writes:
Mark Andrews wrote:
WII's should be able to be directly connected to the network
without any firewall. If they can't be then they are broken.
As I'm sure you know, you can tell the difference between an Internet
David W. Hankins david_hank...@isc.org writes:
On Thu, Feb 05, 2009 at 11:42:27PM +0100, Iljitsch van Beijnum wrote:
On 5 feb 2009, at 22:44, Ricky Beam wrote:
I've lived quite productively behind a single IPv4 address for nearly 15
years.
So you were already doing NAT in 1994? Then you
Paul Vixie vi...@isc.org wrote on 02/06/2009 02:20:01 AM:
the fundamental implication is, forget about address space, it's
paperwork
now, it's off the table as a negotiating item or any kind of constraint.
but the size of the routing table is still a bogeyman, and IPv6 arms
that
bogeyman
Matthew Moyle-Croft wrote:
My comment was regarding customers believing that they were going to, by
default, get a statically allocated range, whatever the length.
If most customers get dynamically assigned (via PD or other means) then
the issue is not a major one.
Dynamic or static;
Joe Loiacono wrote:
Indeed it does. And don't forget that the most basic data object in the
routing table, the address itself, is 4 times as big.
Let's also not forget, that many organizations went from multiple
allocations to a single allocation. If we all filter anything longer
than /32,
On Thu, 5 Feb 2009, Paul Timmins wrote:
John Schnizlein wrote:
Maybe upgrades, service packs and updates will make them capable of using
DHCPv6 for useful functions such as finding the address of an available name
server by the time IPv6-only networks are in operation.
And if not,
On Friday 06 February 2009 08:51:04 Jack Bates wrote:
Joe Loiacono wrote:
Indeed it does. And don't forget that the most basic data object in the
routing table, the address itself, is 4 times as big.
Let's also not forget, that many organizations went from multiple
allocations to a single
On Fri, Feb 6, 2009 at 8:51 AM, Jack Bates jba...@brightok.net wrote:
Joe Loiacono wrote:
Indeed it does. And don't forget that the most basic data object in the
routing table, the address itself, is 4 times as big.
Let's also not forget, that many organizations went from multiple
On 6 feb 2009, at 1:15, Ricky Beam wrote:
I see IPv6 address space being carved out in huge chunks for reasons
that equate to little more than because the total space is
inexhaustable. This is the exact same type of mis-management that
plagues us from IPv4's early allocations.
Think of
Tim Durack tdur...@gmail.com wrote on 02/06/2009 09:28:02 AM:
Given that ARIN at least is assigning end-user /48s out of 2620::/23
it would be useful to accept these announcements. If not end-user PI
is dead in the water. Some providers might like that. End-users
probably won't.
That
Joe Loiacono wrote:
Indeed it does. And don't forget that the most basic data object in the
routing table, the address itself, is 4 times as big.
2 times as big, if you believe that routers that need to care about
table size won't do anything about what's past the /64 boundary.
It still
Tim Durack wrote:
Given that ARIN at least is assigning end-user /48s out of 2620::/23 it
would be useful to accept these announcements. If not end-user PI is
dead in the water. Some providers might like that. End-users probably won't.
The ideal solution, I believe, is to support filters
On 6 feb 2009, at 16:02, Joe Loiacono wrote:
Given that ARIN at least is assigning end-user /48s out of 2620::/23
it would be useful to accept these announcements. If not end-user PI
is dead in the water. Some providers might like that. End-users
probably won't.
That range alone is 25 bits of
This is straying from operational to protocol design and implementation,
but as someone who has done a fair bit of both design and implementation...
Iljitsch van Beijnum wrote:
The problem is that DHCP seemed like a good idea at the time but it
doesn't make any sense today. We know that
on seven continents with far more than a 1:1
end user to host ratio.
Jamie
-Original Message-
From: Iljitsch van Beijnum [mailto:iljit...@muada.com]
Sent: Thursday, February 05, 2009 5:42 PM
To: Ricky Beam
Cc: NANOG list
Subject: Re: v6 DSL / Cable modems [was: Private use of non-RFC1918 IP
On Fri, Feb 6, 2009 at 10:22 AM, Jamie Bowden ja...@photon.com wrote:
Five things? Really? My DHCP server hands out the following things to
its clients:
as I've said a few times now, reason #775 that autoconf is a broken
and non-useful 'gadget' for network operators. There is a system today
On Thu, 5 Feb 2009, Matthew Moyle-Croft wrote:
DHCP(v6). Setting the idea in people's heads that a /64 IS going
to be their own statically is insane and will blow out provider's
own routing tables more than is rational.
Routing table size will be a function of the number of customers -
My comment was regarding customers believing that they were going to,
by default, get a statically allocated range, whatever the length.
If most customers get dynamically assigned (via PD or other means)
then the issue is not a major one.
MMC
On 06/02/2009, at 8:56 PM, Paul Jakma wrote:
The problem is that DHCP seemed like a good idea at the time but it
doesn't make any sense today. We know that parsing complex binary data
formats is asking for security problems.
And parsing complex text data structures is better?
What we need is a simple, fast, efficient way to
sth...@nethelp.no wrote:
No, this information must be available in *one* place. It's called a
DHCP server. As an operator, this is clearly what I want, both for IPv4
and IPv6.
DHCP is available, spec'd and implemented on some systems. However,
there are times that DHCP fails (from my
I think this part of the thread is in danger of leaving the realm of
operational relevance, so I will treat these as my closing arguments.
On Fri, Feb 06, 2009 at 03:48:53PM +0100, Iljitsch van Beijnum wrote:
It makes more sense to look at it like this. In the 1990s we had:
No, I think that
DHCP items are end system considerations, not routing network
considerations.
The network operations staff and router configuration engineers do not
generally concern themselves with end systems.
End systems generally are managed quite independently from the routing
network. And, they
On Fri, Feb 06, 2009 at 11:50:55AM -0600, Jack Bates wrote:
Two routers, 2 default routes. Support for shim6 or other multiple IP
What most people do of course is VRRP.
Barring that, you just specify multiple default routers, and the
client will select the router that still responds to ARP.
Randy Bush wrote:
Wii should not even consider developing a cool new protocol for the Wii
that is not NAT compliant via V4 or V6.
what is nat compliant?
RFC 3235 discusses how to make your application work in the Internet
reality that exists today, with NAT boxes everywhere. The document is
David W. Hankins wrote:
What most people do of course is VRRP.
I agree, and I have done this in the past. However, I am very happy with
the support of IPv6 to do away with requiring VRRP.
Barring that, you just specify multiple default routers, and the
client will select the router that
On Feb 6, 2009, at 12:37 PM, Jack Bates wrote:
David W. Hankins wrote:
What most people do of course is VRRP.
I agree, and I have done this in the past. However, I am very happy
with the support of IPv6 to do away with requiring VRRP.
If RA does that in your situation, great.
In my
Roger Marquis wrote:
Seth Mattinen wrote:
Far too many people see NAT as synonymous with a firewall so they
think if you take away their NAT you're taking away the security of a
firewall.
NAT provides some security, often enough to make a firewall
unnecessary. It all depends on what's
Stephen Sprunk wrote:
You must be very sheltered. Most end users, even security folks at
major corporations, think a NAT box is a firewall and disabling NAT is
inherently less secure. Part of that is factual: NAT (er, dynamic
PAT) devices are inherently fail-closed because of their
On Feb 6, 2009, at 7:06 PM, Matthew Moyle-Croft wrote:
Stephen Sprunk wrote:
You must be very sheltered. Most end users, even security folks
at major corporations, think a NAT box is a firewall and disabling
NAT is inherently less secure. Part of that is factual: NAT (er,
dynamic
Tell ya what Owen,
When you can show me residential grade CPE which has a DECENT stateful
firewall then PLEASE let me know.
Needs to do other things well, not crash, not cost hundreds of
dollars, supportable, does VOIP, WIFI etc are manufacturer supported
etc. Of course, it needs to do
On 7/02/2009, at 10:29 AM, David W. Hankins wrote:
I want built in multiple IP bindings on my hosts. I'd like (Windows 7
I suppose you can individually configure every host to get itself
temporary addresses from RA announcements. This isn't usually a
good default configuration, but OS
On 6/02/2009, at 12:00 PM, Joe Maimon wrote:
This assignment policy is NOT enough for every particle of sand on
earth, which is what I thought we were getting.
There is enough for 3616 /64s, or 14 /56s per square centimetre of the
earth's surface, modulo whatever we have set aside for
On 6/02/2009, at 1:01 PM, David W. Hankins wrote:
On Thu, Feb 05, 2009 at 05:12:19PM -0600, Jack Bates wrote:
Operationally, this has been met from my experience. In fact, all
of these
items are handled with stateless DHCPv6 in coordination with SLAAC.
Stateful DHCPv6 seems to be limited
On Feb 4, 2009, at 6:19 PM, Leo Bicknell wrote:
In a message written on Thu, Feb 05, 2009 at 11:58:33AM +1030,
Matthew Moyle-Croft wrote:
My FEAR is that people (customers) are going to start assuming
that v6
means their own static allocation (quite a number are assuming this).
This means
On Wed, 4 Feb 2009, Roger Marquis wrote:
Perhaps what we need is an IPv6 NAT FAQ? I'm suspect many junior network
engineers will be interested in the rational behind statements like:
* NAT disadvantage #1: it costs a lot of money to do NAT (compared to what
it saves consumers, ILECs, or
Scott Howard wrote:
And that brings us back to the good old catch-22
of ISPs not supporting IPv6 because consumer CPE doesn't support it,
and CPE not supporting it because ISP don't...
No, it's because neither need to do it. If they did the apparent
catch-22 would be fixed
Matthew
Given my knowledge of where most large BRAS/Cable vendors are upto - I
don't
think anyone could have. (Cisco won't have high end v6 pppoe support until
late this year!).
Indeed, that is a big part of the problem in the home-user space.
There's a lot of people who clearly don't work for ISPs
On Feb 5, 2009, at 7:41 AM, TJ wrote:
It doesn't solve the problem of an enterprise with more than one
location/network-interconnect... we can go around this rose bush
again and
again and again, but honestly, deployment of v6 happens for real
when there
is a significant business reason to
1 - 100 of 179 matches
Mail list logo