nanog mailing list archives
Re: Pointer for documentation on actually delivering IPv6
From: Joel Jaeggli <joelja () bogus com>
Date: Sun, 12 Dec 2010 18:02:54 -0800
On 12/6/10 6:55 AM, Jared Mauch wrote:
On Dec 6, 2010, at 8:35 AM, Jeff Johnstone wrote:Speaking of IPV6 security, is there any movement towards any open source IPV6 firewall solutions for the consumer / small business? Almost all the info I've managed to find to date indicates no support, nor any planned support in upcoming releases. Any info would be helpful.Honestly (and I'm sure some IPv6 folks will want me injured as a result) there should be some '1918-like' space allocated for the corporate guys who "don't get it", so they can nat everyone through a single /128. It would make life easier for them and quite possibly be a large item in pushing ipv6 deployment in the enterprise.
There's literally not to prevent them from doing that today. there's a /8 of ual-l and nat66 implementations exist.
I don't see our corporate IT guys that number stuff in 1918 space wanting to put hosts on 'real' ips. The chances for unintended routing are enough to make them say that v6 is actually a security risk vs security enabler is my suspicion.
the chances of unitended routing with overlapping rfc-1918 domains and a bit of 2547 vpn in the mix are non trivial... Using GUA ipv6 space there's at least some chance that I'll actually see the leak and interpret it as such rather than wondering why my packets are going into a black hole or being discarded as out of state becuase they come back on a different VRF than they go out on.
- Jared
Current thread:
- Re: Pointer for documentation on actually delivering IPv6, (continued)
- Re: Pointer for documentation on actually delivering IPv6 Jared Mauch (Dec 06)
- Re: Pointer for documentation on actually delivering IPv6 Owen DeLong (Dec 06)
- Re: Pointer for documentation on actually delivering IPv6 Jack Bates (Dec 06)
- Re: Pointer for documentation on actually delivering IPv6 Dobbins, Roland (Dec 06)
- Re: Pointer for documentation on actually delivering IPv6 Joe Greco (Dec 06)
- Re: Pointer for documentation on actually delivering IPv6 Truman Boyes (Dec 06)
- Re: Pointer for documentation on actually delivering IPv6 david raistrick (Dec 07)
- Re: Pointer for documentation on actually delivering IPv6 Chuck Anderson (Dec 07)
- Re: Pointer for documentation on actually delivering IPv6 Owen DeLong (Dec 07)
- Re: Pointer for documentation on actually delivering IPv6 Joel Jaeggli (Dec 07)
- Re: Pointer for documentation on actually delivering IPv6 Joel Jaeggli (Dec 12)
- Re: Pointer for documentation on actually delivering IPv6 Joel Jaeggli (Dec 09)
- RE: Pointer for documentation on actually delivering IPv6 George Bonser (Dec 09)
- Re: Pointer for documentation on actually delivering IPv6 Wil Schultz (Dec 09)
- Re: Pointer for documentation on actually delivering IPv6 Pete Carah (Dec 09)
