[160025] in North American Network Operators' Group
Re: IPV6 in enterprise best practices/white papaers
daemon@ATHENA.MIT.EDU (Justin M. Streiner)
Wed Jan 30 13:03:01 2013
Date: Wed, 30 Jan 2013 13:02:48 -0500 (EST)
From: "Justin M. Streiner" <streiner@cluebyfour.org>
To: nanog@nanog.org
In-Reply-To: <5106CA5D.6090507@dougbarton.us>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, 28 Jan 2013, Doug Barton wrote:
> On 1/28/2013 7:27 AM, Eugeniu Patrascu wrote:
>> - configure IPv6 firewall rules (mostly a mirror of the IPv4 rulesets)
>
> Hopefully that did not included filtering ICMPv6? :)
The level of IPv6 support in firewalls has been all over the place, even
from vendors who have known IPv6 was coming for a long time ;)
I published a minimum IPv6 firewall ruleset for Cisco ASAs a while back on
some other lists and got only a little feedback, so for the benefit of the
NANOG community, I offer up:
http://www.cluebyfour.org/ipv6/
I will be testing the transition from 8.x to 9.x code in my lab as soon as
this week, so I should have some updated to publish very soon.
Likewise, I'm in the process of getting a DHCPv6 server spun up as well,
so I'll have some updates to publish there as well.
As always, suggestions and constructive feedback are always welcome.
jms
