North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Assigning IPv6 /48's to CPE's?

  • From: Rick Astley
  • Date: Fri Jan 04 19:12:51 2008
  • Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; bh=35utP2LVN/gDtEmQEkykmzEOXRlx+tmjD+fQQ/Kwpzg=; b=m3vYP90r8xpNZnnqYWwDP09LOT/Q/tQg7NgVnDgxKMNlafHjP++a1AxdA+aR13nkBzCgSjEhV0weFIMfzKJ3ejxRVlrXHEsP5UMRSlTFXPETvJwycrGg5NXHLrsPzQv0K0u8TbrrGYyqH90NrT5o9dWjz79aKwomufS6EnprHTM=
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=M0xM/8benPYhP7cg59Ih8N0V5vvEhP6X1U5QkChclB9CtXy5lMaaGO1LihD93+ecqN7swO3ppVPgh1/HzlRfrsZsZhJf14ctoaIAfzUdCI6hSXdLOeaf+3Pqqh8iwpSPLe9xojN0IWC99RME+AmNgR1qimgWrp/bHL2ysLn3ZQQ=
As much as I don't want to resurrect this conversation again or beat a dead (now glued) horse: In the SOHO arena, today's NAT users may or may not opt to use SPI down the road.

Many people just opt for the cheapest working solution and use defaults, so what we end up depends on what vendors like Linksys and Netgear decide. I am sure there will be customer demand for firewall functionality as well, but how much is not clear.

I am talking about SOHO users because they are a big portion of the large DDoS networks and an important frontier in the fight against worm propagation.

I know large mostly unused pools of client IP's make it more difficult to use traditional worm propagation methods in IPv6[1], but if customers move from IPv4 "firewalls" to IPv6 "routers", we still lose an important layer of security.


1. worm propagation strategies in an IPv6 Internet - http://www.cs.columbia.edu/~smb/papers/v6worms.pdf