[130958] in North American Network Operators' Group

Re: Only 5x IPv4 /8 remaining at IANA

daemon@ATHENA.MIT.EDU (Owen DeLong)
Mon Oct 18 15:07:11 2010

From: Owen DeLong <owen@delong.com>
In-Reply-To: <20101018181904.GE28093@nudo.bsws.de>
Date: Mon, 18 Oct 2010 12:02:00 -0700
To: Henning Brauer <hb-nanog@bsws.de>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Oct 18, 2010, at 11:19 AM, Henning Brauer wrote:

> * Owen DeLong <owen@delong.com> [2010-10-18 18:29]:
>> The good news is that stateful inspection doesn't go away in IPv6.
> 
> that is right.
> 
>> It works just fine. All that goes away is the header mangling.
> 
> that is partially true. it can work just fine, but all the bloat in v6
> makes it way harder to implement the state tracking than it should be.
> 
Actually, the state tracking in IPv6 requires a little more memory, but,
it's actually easier on the silicon and has significant improvements
over IPv4 for ASIC parsing of the headers.

>> It's really unfortunate that most people don't understand the distinction.
>> If they did, it would help them to realize that NAT doesn't actually do
>> anything for security, it just helps with address conservation (although
>> it has some limits there, as well).
> 
> right.
> 
>> IPv6 with SI is no less secure than IPv4 with SI+NAT.
> 
> well, it is. the extension headers are horrible. the v4 mapping horror
> is an insane trap, too. link-local is the most horrid concept ever.
> all hail 160 bit addresses.
> 
We can agree to disagree.

Owen


