[184493] in North American Network Operators' Group
Re: /27 the new /24
daemon@ATHENA.MIT.EDU (Mel Beckman)
Sun Oct 4 11:53:45 2015
X-Original-To: nanog@nanog.org
From: Mel Beckman <mel@beckman.org>
To: Randy Bush <randy@psg.com>
Date: Sun, 4 Oct 2015 15:53:40 +0000
In-Reply-To: <m237xqllnp.wl%randy@psg.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Randy,
Your claim is a red herring. IPSec has nothing to do with IPv6 deployment. =
Deployment doesn't require global IPSec, which need only reside in endpoint=
nodes. It's not needed at all in the routjg and distribution infrastructur=
e, which is where deployment happens
The vast majority of IPv6 nodes -- which is where the IPSec requirement exi=
sts -- have IPSec built in: Linux, Mac OSX, and Windows. Devices that somet=
imes act as nodes, such as firewalls terminating IPSec tunnels, also obviou=
sly need IPSec. Devices that are simply IPv6 pass-through, such as consumer=
-grade routers, don't.
Users can buy whatever level of functionality they need at the edges. If yo=
u don't need IPSec tunnel support in your firewall, you can buy one without=
it. Deployment cares nothing about IPSec.
-mel beckman
On Oct 4, 2015, at 8:05 AM, Randy Bush <randy@psg.com<mailto:randy@psg.com>=
> wrote:
If it doesn't support IPSec, it's not really IPv6.
by that criterion, ipv6 deployment is effectively zero
