nanog mailing list archives

Re: IPv6, IPSEC and deep packet inspection

From: "Stephen Sprunk" <stephen () sprunk org>
Date: Fri, 31 Dec 2004 15:08:46 -0600


Thus spake "Merike Kaeo" <kaeo () merike com>


An IPv6 network is sufficiently different from IPv4 that I encourage
folks to not simply slap an IPv4 security  model onto future IPv6
networks.


The links, routers, switches, applications, admins, and budget are all the
same, and layers 3 and 4 only have marginal differences.  If you expect
people to treat IPv6 any differently than IPv4, you'll need to be very
explicit in what the differences are (or can be) and what the benefits are
to throwing out a decade or more of experience and retraining everyone.

S

Stephen Sprunk        "Stupid people surround themselves with smart
CCIE #3723           people.  Smart people surround themselves with
K5SSS         smart people who disagree with them."  --Aaron Sorkin

Current thread:

IPv6, IPSEC and deep packet inspection Sam Stickland (Dec 31)
- Re: IPv6, IPSEC and deep packet inspection Merike Kaeo (Dec 31)
  - Re: IPv6, IPSEC and deep packet inspection Daniel Roesen (Dec 31)
    - Re: IPv6, IPSEC and deep packet inspection Merike Kaeo (Dec 31)
  - Re: IPv6, IPSEC and deep packet inspection Stephen Sprunk (Dec 31)
    - Re: IPv6, IPSEC and deep packet inspection Rob Thomas (Dec 31)
    - Re: IPv6, IPSEC and deep packet inspection william(at)elan.net (Dec 31)
    - Re: IPv6, IPSEC and deep packet inspection Daniel Roesen (Dec 31)
    - Re: IPv6, IPSEC and deep packet inspection bmanning (Dec 31)
    - Re: IPv6, IPSEC and deep packet inspection Iljitsch van Beijnum (Dec 31)
- Re: IPv6, IPSEC and deep packet inspection Iljitsch van Beijnum (Dec 31)
- <Possible follow-ups>
- Re: IPv6, IPSEC and deep packet inspection J. Oquendo (Dec 31)