Re: IPv6 for Websites

From: <gwood83_at_gmail.com>
Date: Fri, 28 Sep 2012 15:16:27 -0700

NAT is not a security deterrent.


----- Reply message -----
From: "Joseph L. Brunner" <joe_at_affirmedsystems.com>
Date: Fri, Sep 28, 2012 11:40 am
Subject: IPv6 for Websites
To: "Kenneth Ratliff" <lists_at_cluebat.net>, "Cisco certification" <ccielab_at_groupstudy.com>

Sadly,

While I agree with you that it's coming -

Then it's a security risk to put EVERYTHING out on the internet with no firewall. For many years "NAT" has been a "firewall" of sorts - the inside hosts were somewhat protected by way of them not being reachable via their RFC1918 addressing -

Now,

We are getting /44's or /32's from ARIN, doling them out via DHCPv6 to desktops and devices - who should be left to maintain the firewall? The carrier? The coffee bar?

Pretty scary stuff...

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Kenneth Ratliff
Sent: Friday, September 28, 2012 2:30 PM
To: Cisco certification
Subject: Re: IPv6 for Websites

Well, I'm not going to get into a length comparison fight, but I'm pretty sure my network is bigger than yours :)

And I can assure you that RFC1918 does have scalability limitations which have been reached in fact, not in theory. Fortunately, we had some very smart people who looked at the expected growth and realized it would be less painful to change stuff now rather than later.

The rest is all a matter of opinion, but regardless of whether you think IPv6 is an operational need, or a marketing scam, it is coming, and you ignore it at your own peril.

On 9/28/12 2:10 PM, "Joseph L. Brunner" <joe_at_affirmedsystems.com> wrote:

>"Those customers have a lot of devices, usually 2 of which per site
>need an IP which cannot be NAT'd, because a direct connection is
>required for management and billing purposes."
>
>I have VPNs to many sites from ASA 5540's for this purpose... in some
>places that if I screwed up, you would not have lights in your home :)
>
>I can assure RFC1918 scales to the largest networks in the world.
>
>The IP routing folks want IPv6 because they see billions (OK, trillions)
>being spent on iPhones, iPads, Mac Airs and they want their share...
>it's cool.
>
>
>The killer app for Networking would be physical connectivity lines that
>never go down... can we get that and keep our IPv4 space?

Received on Fri Sep 28 2012 - 15:16:27 ART