nanog mailing list archives

Re: Important IPv6 Policy Issue -- Your Input Requested


From: Valdis.Kletnieks () vt edu
Date: Thu, 11 Nov 2004 15:34:17 -0500

On Thu, 11 Nov 2004 15:01:36 EST, Leo Bicknell said:

> Having to double the size of every ACL in your network (once for
> the local address, once for the "public" address) does not seem
> simpler.  It also seems dangerous, since almost all devices have a
> limit to ACL size.  As if larger addresses weren't already enough
> penalty on those boxes, now we have to list each machine twice.

Actually, probably not - in the majority of cases, you can put in *one*
ACL that drops (for example) all outbound packets for anything in the /32
and avoid having to list each machine twice.

Yes, it's still double - but it's two subnet entries, not two copies of
all 2,048 addresses in the subnet....

(Hint - you'd *have* to do it that way - you *can't* enumerate all the
possible addresses in an IPv6 /64 unless your router has terabytes of
memory...)
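An added illustration of the point above, not from the thread or its authors: the script below builds the two ACL variants for a constructed pair of /64s (a "local" ULA prefix and a "public" global prefix, both assumed) with 2,048 hosts each, and compares per-host entries against prefix entries. The ACL line syntax is illustrative, not any particular vendor's.

```python
"""Added example (not part of the original NANOG message): compare a
per-host ACL against a prefix-summarised ACL for IPv6."""
import ipaddress

# Constructed sample prefixes (assumed, not from the thread): one "local"
# ULA /64 and one "public" global /64, each holding the same 2,048 hosts.
LOCAL_NET = ipaddress.IPv6Network("fd00:db8::/64")
PUBLIC_NET = ipaddress.IPv6Network("2001:db8::/64")
HOST_COUNT = 2048


def host_addresses(net, count):
    """Hosts 1..count inside the prefix (interface IDs chosen sequentially)."""
    return [net.network_address + i for i in range(1, count + 1)]


def per_host_acl(nets, count):
    """Naive approach: one deny line per host, repeated for every prefix
    the host is reachable under (local + public doubles the list)."""
    entries = []
    for net in nets:
        for addr in host_addresses(net, count):
            entries.append(f"deny ipv6 host {addr} any")  # illustrative syntax
    return entries


def prefix_acl(nets):
    """Summarised approach: one deny line per prefix. Adjacent prefixes are
    collapsed first, so two neighbouring /64s become a single /63 entry."""
    collapsed = ipaddress.collapse_addresses(nets)
    return [f"deny ipv6 {net.with_prefixlen} any" for net in collapsed]


def entries_to_enumerate(net):
    """How many per-host entries a full enumeration of the prefix would need;
    for a /64 this is 2**64, which no ACL TCAM can hold."""
    return net.num_addresses


if __name__ == "__main__":
    nets = [LOCAL_NET, PUBLIC_NET]
    print("per-host entries:", len(per_host_acl(nets, HOST_COUNT)))
    print("prefix entries:  ", len(prefix_acl(nets)))
    for line in prefix_acl(nets):
        print("   ", line)
    print("entries to list every /64 host:", entries_to_enumerate(LOCAL_NET))
```

Run as-is it shows 4,096 per-host lines versus 2 prefix lines, and 18,446,744,073,709,551,616 lines for a full /64 enumeration; the same comparison scales to any host count because the prefix form never depends on how many hosts are in the subnet.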

