[fw-wiz] ***SPAM*** Re: IPv6 support in firewalls



Marcus, a proposal nearly identical to what you suggest was one of the first presented at the IETF in the mid-1990s. At the time, the intelligentiaTF pooh-poohed it as not being sufficiently forward-looking and innovative. It didn't consider 64-bit alignment. It didn't *fix* options. It didn't *fix* QOS. It didn't accommodate IP security in a "native" manner.

Happily, time wounds all heels. Over a decade later, and we've bent, twisted, tunneled, re-mapped, stretched, and NAT'd IPv4 until it does everything IPv6 promised - and now, all IPv6 brings to the table is a bigger field for addresses and an ungainly, unwanted and arguably unwarrantable transition scenario.

Jot down your proposal in an internet-draft. I bet you find a surprising number of technical folks who'll happily reconsider IPv6 deployment in favor of what I suggest you call IPkiss.

Oh, for the record, I was one of the folks who wrote OSI's network protocol (and yes, it is dog ugly, but name me a protocol developed by committee that isn't...). We didn't write it because we wanted to be remembered as a clever bunch. We wrote it because we didn't want to be remembered as the lame bunch of idiots who left public, switched networking in the hands of X.25 and ISDN operators, because in the early 1980s, the rest of the world wasn't about to adopt US DOD protocols, and because we figured any network layer datagram, no matter how ugly, would be a far sight better than living the rest of our networking lives under the thumb of network operators whose vision of broadband was 1 megabit per second.

Marcus J. Ranum wrote:
> Darren Reed wrote:
>> The only way that they can plan to do this is by specifying
>> that IPv6 is used - there is no other alternative.
>
> That's because nobody's looking for one. So IPV6 becomes
> both the question and the answer.
>
> This is remarkably familiar for those of us who survived
> the early days of the OSI wars. There was no alternative to
> OSI, either. Except for the simple little protocol that
> just worked.
>
> Left fill with zeroes, bump the version number, double the
> address space size, and let 'er rip. Sure, there'd be some
> details to sort out, but in terms of the complexity of
> cutting over to IPV6 it'd be a weekend job. The problem is
> that the people who COULD do it don't WANT to do it
> because they all want to be part of the clever bunch who
> wrote The Next Big Standard (by the way, that same
> thinking was what torpedoed OSI: one standard committee
> too many...)
>
> mjr.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

David Piscitello
http://hhi.corecom.com/weblogindex.htm
