Re: [fw-wiz] IPv6
- From: Dave Piscitello <dave@xxxxxxxxxxx>
- Date: Fri, 07 Jan 2011 09:24:03 -0500
Administrative nightmare aside, I agree it's possible and possibly
sustainable, perhaps while some governments heed Darren's advice and
It certainly seems like the majority of organizations are relying on
this to prove true.
Problems will only grow as some networks evolve from
"only IPv4" to
"v4 and v6, prefer v4" to
"v4 and v6, prefer v6" to
"only v6" (not in my lifetime or perhaps my children's)
And I'm not only talking about routing/reachability here. Some of these
problems are currently seen in DNS implementations (stub and resolver
handling of responses) and servers (what people include in their zone
files and how OSs work, see this thread for a sample
I am also not convinced that some 11th hour 59th minute "change of
heart" won't occur, and someone will convince the community of an
alternative course. A surprising number of class A's could be returned
to the allocation pool (Interop just returned one). Perhaps we'd do
better with Moskowitz's Host ID in the prolonged NAT'd world you
envision. I don't know enough about how this works to assert this but
Bob would. But I'm not certain that we really need to have statistically
publicly unique addresses for every device and RFID-enabled container,
either. This could prove to be the lazy path forward.
I say "lazy path forward" because at this point IPv6 is nearly 2 decades
old and arguably has less of a foothold than ISDN after the same time
span. Almost all of what was considered "innovation" is either enfolded
into IPv4 or proven to be less useful than imagined. I suspect a fair
number of right-thinking people are asking "is this the best we can do?
are we really only doing this because we are running out of addresses?"
I worry that we'll *only* get a bigger address space out of this
migration and that is a tragedy.
Sorry if I've rambled...
On 1/6/2011 7:00 PM, Paul Melson wrote:
> On Thursday, January 6, 2011, Dave Piscitello <dave@corecom.
>> If ever the phrase "living on borrowed time" applied to the Internet, it
>> might be now. Many organizations are approaching a time when they may
>> have to accept a weaker security deployment in order to add systems
>> because they won't be able to obtain IPv4 addresses.
> Nah, RFC1918 reserved address spaces and NAT ensure ridiculous levels
> of internal scalability. It's an ugly administrative nightmare, but
> very much possible. And with the right public-facing services
> infrastructure, it's possible to obscure tens of thousands of servers
> behind a single IPv4 address. As an industry, we have yet to plumb
> the true depths of IP address space management. And until we do,
> where's the incentive to push for v6 adoption?
firewall-wizards mailing list