Re: [opensuse] IPv6 firewall

Hash: SHA1

James Knott wrote:
G T Smith wrote:
James Knott wrote:

?! Early adopters are usually the ones who end up in difficulty. Those
who learn by someone else mistakes and do their own R&D usually are
better positioned to not be cut by the bleeding edge when they do decide
to adopt.

I was referring to a period for setting things up and making sure they
work, before deploying to customers, although they might be offered a
"beta" service. Doing so is much better that working in panic mode,
where you all of a sudden find you have to do something yesterday, to
provide what your customers need NOW!!!. What happens to an ISP, who
ignored the depletion of IPv4 addresses, when the day comes when he goes
to get another IPv4 block and can't get one? Will they then start
learning about IPv6? IPv6 has been in the works for many years (I first
read about it 15 years ago) and has been in use for years too. The
tools are already here. It's been proven. The ones who will have
problems are the ones who haven't prepared. Not understanding where
your business is heading and preparing for it is not only short sighted,
it's suicidal.

My mobile provider uses NAT 10.x.x.x addresses while the land network
seems to have fairly large network address pool (possibly by grabbing
address space a long time ago), while some latecomer ISPs may be facing
this as a potential problem (as they missed the early allocation grab).
In the old scheme where countries tended to be allocated class A
addresses, may have also had the result that some of the smaller nations
may not be facing the same issues I think some providers will need a
lot of persuading that this is a immediate problem for consumer networks
for some time to come (commercial and academic networks are a different
story). I remember predictions that American/European address space
would runout a decade ago, it has not yet. The introduction of NAT seems
to have mitigated some of the address issues.

Usage of IPv6 is still not really that high, though policy decisions in
the US and Asian address requirements will increase usage

- --
I have always wished that my computer would be as easy to use as my
My wish has come true. I no longer know how to use my telephone.

Bjarne Stroustrup
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with SUSE -

To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

Relevant Pages

  • Re: IPv6 in FC4 - How
    ... though the configuration defaults to "no", ... Listing routes is something like "ip -6 route ls". ... etc, etc, etc) already understand IPv6 and may (for the servers at ... and restart your network so it gets properly configured. ...
  • [fw-wiz] ***SPAM*** Re: IPv6 support in firewalls
    ... Marcus, a proposal nearly identical to what you suggest was one of the first presented at the IETF in the mid-1990s. ... Over a decade later, and we've bent, twisted, tunneled, re-mapped, stretched, and NAT'd IPv4 until it does everything IPv6 promised - and now, all IPv6 brings to the table is a bigger field for addresses and an ungainly, unwanted and arguably unwarrantable transition scenario. ... Oh, for the record, I was one of the folks who wrote OSI's network protocol. ...
  • Re: RADIUS for MAC authentication in WLAN, how doing it?
    ... > the first two decades of widespread IPv6 use. ... one of the most harmful services provided by this network ... After configuring NetBSD to connect to Freenet6: ... > Nowadays any router worth its salt can deal with any CIDR subnet. ...
  • Re: [fw-wiz] IPv6 and IPSec
    ... >> Now, as a system administrator, how are you going to track down a virus ... network to network). ... Nice thing is that, with IPv6, you can have ... up an IPv6 tunnel back out that slid right past all the IDS they had. ...
  • Re: IPv6 intruders
    ... Are you building an IPv6 network without even knowing it? ... The NSA has designated Norwich University a center of Academic Excellence in Information Security. ... this does not give much information with regards to your statement on undetected ipv6 "hackers". ...