[97197] in North American Network Operators' Group
Re: Cool IPv6 Stuff
daemon@ATHENA.MIT.EDU (Owen DeLong)
Mon Jun 4 12:11:54 2007
In-Reply-To: <46642CCA.4000704@bogus.com>
Cc: Adrian Chadd <adrian@creative.net.au>,
Sam Stickland <sam_mailinglists@spacething.org>,
NANOG list <nanog@nanog.org>
From: Owen DeLong <owen@delong.com>
Date: Mon, 4 Jun 2007 09:05:51 -0700
To: Joel Jaeggli <joelja@bogus.com>
Errors-To: owner-nanog@merit.edu
>> In fact, and call me crazy, but I can't help but wonder how many
>> enterprises out there will see IPv6 and its concept of "real IPs for
>> all machines, internal and external!" and respond with "Hell No."
>>
That's an education problem. There's no security gain from not having
real IPs on machines. Any belief that there is results from a lack of
understanding.
>> Anyone got any numbers for that? I'm happy to admit I don't. :)
>
Nope.
>
> Hence the discussion of site-local (dead), ula, ula-c etc.
>
Site-Local sort of provided that, but, as pointed out, dead.
ULA-random sort of provides it, except that ULA-random only provides
likely uniqueness and so really is the worst of both problems. There's
not enough guarantee of collision to really prevent it from getting
routed, and, there's not enough of a guarantee of uniqueness to make
organizations worried about such things comfortable with it.
ULA-C is just Provider-Independent Real addresses with a label stuck
on them that says "These aren't the droids you're looking for, move
along".
Really, the only thing that distinguishes ULA-C from PI is mindset and
router configuration. The former is known to vary in unpredictable
manners. The latter is known to vary with the application of $$$.
> However widespread use of private address space in ipv4 costs people
> huge amounts of money when you have to merge the business processes of
> two or more large enterprise networks.
>
Yep. Hence the v6 concept of real addresses everywhere. People seem to
have forgotten that private addresses and NAT were a hack designed to
cope with a situation that v6 is supposed to actually solve. I admit
v6 does not completely solve the problem (at least not yet), but, it
solves enough of it that we shouldn't be clinging to the v4 hacks that
got us by as we move to v6.
Owen