[97757] in North American Network Operators' Group


Re: The Choice: IPv4 Exhaustion or Transition to IPv6

daemon@ATHENA.MIT.EDU (Eliot Lear)
Mon Jul 2 03:31:11 2007

Date: Mon, 02 Jul 2007 09:29:57 +0200
From: Eliot Lear <lear@cisco.com>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: John Curran <jcurran@mail.com>, Randy Bush <randy@psg.com>,
	Stephen Wilcox <steve.wilcox@packetrade.com>, nanog@nanog.org
In-Reply-To: <20070628184439.EE0B5766055@berkshire.machshav.com>
Errors-To: owner-nanog@merit.edu


Steven M. Bellovin wrote:
> Randy is right.  It's very simple from 30,000 feet; it's a lot messier
> in detail if done at scale.  I'll give just one example, using your
> suggestion of converting DMZ: how do you keep your firewall rules
> consistent between v4 and v6 addresses and prefixes?

We actually cover some of this ground in RFC 4192, which talks about v6 
renumbering.  Also not fun, but v4 is somewhat less fun.  This having 
been said, and as Simon has noted in a later message, you need to 
abstract addresses to make all of this stuff work smoothly.  That has to 
happen both in the network management tools and within the operating 
system.  I know that scares the hell out of some people but there is a 
high price being paid for not doing it.

Eliot
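
The address abstraction discussed in this message, sketched as an added example that is not part of the original post: policy refers only to named objects, each name carries both its v4 and v6 prefixes, and both rule sets are rendered from the one policy so a rule that exists in only one family is reported. The object names, the policy layout and the documentation-range prefixes are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: each named object carries both address families.
# Prefixes are documentation ranges (RFC 5737 / RFC 3849), not real hosts.
OBJECTS = {
    "any": ["0.0.0.0/0", "::/0"],
    "dmz_web": ["192.0.2.10/32", "2001:db8:10::10/128"],
    "dmz_mail": ["192.0.2.25/32"],  # no v6 address assigned yet
}

# Policy is written once, against names only, never literal addresses.
POLICY = [
    {"src": "any", "dst": "dmz_web", "proto": "tcp", "dport": 443},
    {"src": "any", "dst": "dmz_mail", "proto": "tcp", "dport": 25},
]

def by_family(name, objects=OBJECTS):
    """Split a named object's prefixes into {4: [...], 6: [...]}."""
    out = {4: [], 6: []}
    for prefix in objects[name]:
        net = ipaddress.ip_network(prefix, strict=True)
        out[net.version].append(net)
    return out

def render(policy=POLICY, objects=OBJECTS):
    """Expand policy into per-family rule lines and list (rule, family) gaps."""
    tool = {4: "iptables", 6: "ip6tables"}
    rules, gaps = {4: [], 6: []}, []
    for idx, r in enumerate(policy):
        src, dst = by_family(r["src"], objects), by_family(r["dst"], objects)
        for fam in (4, 6):
            if not src[fam] or not dst[fam]:
                gaps.append((idx, fam))  # rule cannot be expressed in this family
                continue
            for s in src[fam]:
                for d in dst[fam]:
                    rules[fam].append(
                        f"{tool[fam]} -A FORWARD -s {s} -d {d} "
                        f"-p {r['proto']} --dport {r['dport']} -j ACCEPT")
    return rules, gaps

if __name__ == "__main__":
    rules, gaps = render()
    for fam in (4, 6):
        print("\n".join(rules[fam]))
    for idx, fam in gaps:
        print(f"policy rule {idx} has no IPv{fam} form: {POLICY[idx]}")
```

Renumbering then means editing `OBJECTS` only; the policy and the consistency check stay untouched.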
