
Re: ping-pong phenomenon with p2p links & /127 prefixes



On Aug 23, 2010, at 2:53 PM, Manfredi, Albert E wrote:

> Jared Mauch:
> 
>> The biggest feedback I hear from people about IPv6 (besides the extra
>> bits for addresses) is "Security", but they generally don't know what
>> that is outside marketing speak.
> 
> +1, in spades. Nor do these folk seem to appreciate that it's not the network that bears the greatest burden in providing that security. It is the clients.

They also don't get that it doesn't buy you anything if you don't use it, or that it is generally available on IPv4 systems as well. Do a packet capture on your favorite LAN and measure the percentage of IPsec-protected traffic. Then ask yourself how many of those systems in fact implement IPsec code. It's largely about the distribution of certificates and "turning it on".

> And that this is also true with IPv4. You don't get security if only the network is secure. Conversely, you can get security if the network is not secure.
> 
> The /64 limitation only applies for SLAAC. Seems to me that there are many service providers with examples of links where SLAAC isn't applicable. I don't see why models that work with IPv4, like CIDR, must be rejected out of hand. Making IPv6 "less different" from IPv4 can only help its implementation, IMO.
> 
> And too, good IPv6 ideas, like multiple addresses per client, also create new problems and new mechanisms for non-reachability, which are still having to be solved.
> 
> Bert
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
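
The measurement suggested in the reply above (what share of captured LAN traffic is IPsec-protected), as an added example that is not part of the original message. It assumes a classic pcap file with untagged Ethernet framing; the function names and the sample capture are constructed for illustration, and ESP carried inside UDP port 4500 is counted as UDP.

```python
import struct

ESP, AH = 50, 51             # IP protocol numbers for IPsec ESP and AH
V6_EXT = {0, 43, 60}         # hop-by-hop, routing, destination options headers

def ip_proto(frame):
    """First non-extension IP protocol in an untagged Ethernet frame, else None."""
    etype, ip = frame[12:14], frame[14:]
    if etype == b"\x08\x00" and len(ip) >= 20:
        return ip[9]
    if etype != b"\x86\xdd" or len(ip) < 40:
        return None
    nxt, off = ip[6], 40
    while nxt in V6_EXT and off + 2 <= len(ip):   # walk IPv6 extension headers
        nxt, off = ip[off], off + (ip[off + 1] + 1) * 8
    return nxt

def ipsec_share(pcap):
    """Return (ipsec_packets, ip_packets) for a classic Ethernet pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if (end is None or len(pcap) < 24
            or struct.unpack(end + "I", pcap[20:24])[0] != 1):
        raise ValueError("expected classic pcap with Ethernet link type")
    ipsec = total = 0
    off = 24
    while off + 16 <= len(pcap):                  # 16-byte per-record header
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        proto = ip_proto(pcap[off + 16:off + 16 + incl])
        off += 16 + incl
        if proto is not None:
            total += 1
            ipsec += proto in (ESP, AH)
    return ipsec, total

# Constructed sample capture: header-only frames with zeroed addresses.
def _v4(proto):
    return bytes(12) + b"\x08\x00\x45" + bytes(8) + bytes([proto]) + bytes(10)

def _v6(nxt, ext=b""):
    return bytes(12) + b"\x86\xdd\x60" + bytes(5) + bytes([nxt, 64]) + bytes(32) + ext

def sample_pcap():
    frames = [_v4(6), _v4(17), _v4(ESP), _v6(58), _v6(6), _v4(6),
              _v6(0, bytes([ESP, 0]) + bytes(6)),       # ESP behind hop-by-hop
              bytes(12) + b"\x08\x06" + bytes(28)]      # ARP, not counted as IP
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    ipsec, total = ipsec_share(sample_pcap())
    print(f"{ipsec}/{total} IP packets ({100 * ipsec / total:.1f}%) are ESP or AH")
```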