Firewall Wizards mailing list archives

Re: ***SPAM*** Re: IPv6 support in firewalls


From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: Thu, 23 Aug 2007 16:43:12 -0400

There were a lot of things that went wrong with the IPv6 process.  The
net result was that the complexity ended up in the wrong place, fixing
problems no one had and ignoring real problems.  Options were fixed,
from the perspective of the routers, but ignoring some of the host
security issues (though since we assumed IPsec, those were perceived to
matter less).  ARP was "improved" and DHCP ignored, even though those
worked well.  But nothing was done about multihoming, routing table
growth, or ID/locator split because those -- according to some, and I
know that you know whom I'm talking about -- weren't "just like IPv4".

Except for "map and encap", though, I don't think any other decision
would have made the conversion easier or faster.  No matter what the
proposal, five years of engineering would have been needed to fill in
all the missing pieces, and more time to convert hosts and apps.
Map-and-encap would have provided transport ability on a v4 backbone,
though, which would have meant that the ISPs could move off the
critical path.