[146962] in North American Network Operators' Group
Re: IPv6 prefixes longer then /64: are they possible in DOCSIS
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Nov 29 11:30:37 2011
To: Jeff Wheeler <jsw@inconcepts.biz>
In-Reply-To: Your message of "Tue, 29 Nov 2011 03:23:04 EST."
<CAPWAtbLQP0uTwT4Xqy98ax_53T+m9A8buC7ZjHnqN2e2sJyA4g@mail.gmail.com>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 29 Nov 2011 11:28:57 -0500
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1322584137_30055P
Content-Type: text/plain; charset=us-ascii
On Tue, 29 Nov 2011 03:23:04 EST, Jeff Wheeler said:
> On Tue, Nov 29, 2011 at 1:43 AM, <Valdis.Kletnieks@vt.edu> wrote:
> > It's worked for us since 1997. We've had bigger problems with IPv4 worms
>
> That's not a reason to deny that the problem exists. It's even
> fixable. I'd prefer that vendors fixed it *before* there were massive
> botnet armies with IPv6 connectivity, but in case they don't, I do not
> deploy /64.
Umm.. Jeff? I never *tried* to deny the problem exists. But if you have an
eyeball-heavy network, it's hard to not deploy /64s (currently, we do SLAAC to
get the basic config, and DNS/etc is still via dhcp4/IPv4). We just see the
business danger of waiting to start deploying IPv6 till the vendors are perfect
as being a bigger danger than the ND exhaustion issue. (How many years did we
go with ARP and DHCP spoofing being well-known issues before vendors fixed
that? Yeah, exactly.)
--==_Exmh_1322584137_30055P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFO1QhJcC3lWbTT17ARArueAKDrgkJuypoYw7iYWha84g9MaIdUlACfZpo1
0f7EC7VYPMQjqWXX4FER/DY=
=zIXD
-----END PGP SIGNATURE-----
--==_Exmh_1322584137_30055P--
