nanog mailing list archives
Re: IPv6 Ignorance
From: Timothy Morizot <tmorizot () gmail com>
Date: Sun, 16 Sep 2012 19:26:22 -0500
On Sep 16, 2012 6:58 PM, "John R. Levine" <johnl () iecc com> wrote:
IPv6 has its problems, but running out of addresses is not one of them. For those of us worried about abuse management, the problem is the opposite, even the current tiny sliver of addresses is so huge that techniques from IPv4 to map who's doing what where don't scale.Well, in IPv4... NAT broke it, because networks implementing 1:many NAT could no longer easily identify what host was responsible for abuse.I realize that's a problem in theory, in practice it's not because it's
still rare to have interestingly different hosts behind a single NAT.
What do you mean by suggesting IPv4 abuse management techniques to map
whose doing what, where do not scale to IPv6's larger address space?
Large networks keep separate reputation for every address in the IPv4
address space based on the traffic they send. You can't do that in IPv6, particularly since hostile bots can easily hop around within a /64, which is bad news if that /64 also has some legit hosts. Of course, as soon as CGN (or LSN or NAT444) is added to IPv4 the same problem exists in practice as well as theory. So old practices will have to be improved and replaced regardless.
Current thread:
- IPv6 Ignorance Seth Mattinen (Sep 16)
- Re: IPv6 Ignorance John T. Yocum (Sep 16)
- Re: IPv6 Ignorance Seth Mattinen (Sep 16)
- Re: IPv6 Ignorance Justin M. Streiner (Sep 16)
- Re: IPv6 Ignorance John Mitchell (Sep 16)
- Re: IPv6 Ignorance Jimmy Hess (Sep 16)
- Re: IPv6 Ignorance John Levine (Sep 16)
- Re: IPv6 Ignorance Jimmy Hess (Sep 16)
- Re: IPv6 Ignorance John R. Levine (Sep 16)
- Re: IPv6 Ignorance Jimmy Hess (Sep 16)
- Re: IPv6 Ignorance Timothy Morizot (Sep 16)
- Re: IPv6 Ignorance Owen DeLong (Sep 17)
- Re: IPv6 Ignorance Jimmy Hess (Sep 16)
- Re: IPv6 Ignorance John T. Yocum (Sep 16)
- Re: IPv6 Ignorance Michael Thomas (Sep 16)
- Re: IPv6 Ignorance Jimmy Hess (Sep 16)
- Re: IPv6 Ignorance Mikael Abrahamsson (Sep 16)
- Re: IPv6 Ignorance Randy Bush (Sep 16)
- Re: IPv6 Ignorance Mikael Abrahamsson (Sep 16)