nanog mailing list archives
Re: IPv6 firewall support
From: Randy Bush <randy () psg com>
Date: Mon, 29 Oct 2007 12:56:38 +0900
trolls can blather on, and of course will. but for the best work to date on this subject, see dave piscitello's preso from arin, <http://www.arin.net/meetings/minutes/ARIN_XX/PDF/thursday/Firewalls_Piscitello.pdf>. Mark Prior wrote:
If you need IPv6 then don't believe the vendor propaganda, test the box and then prepare to complain to the vendor :)
there is a too lightly spoken problem under this, a lack of good test suites, environments, platforms for ipv6. this serious gap extends from routers' control and data planes, to security products, to the myriad of applications. so the vendors can say pretty much anything, and it's very hard to actually learn the reality until it fails in your network. of course, if you have not been prone to testing in ipv4, this will not be a major change for you. :) randy
Current thread:
- IPv6 firewall support michael.dillon (Oct 26)
- Re: IPv6 firewall support Ross Vandegrift (Oct 26)
- Re: IPv6 firewall support Chris Adams (Oct 26)
- Re: IPv6 firewall support Simon Lockhart (Oct 27)
- Re: IPv6 firewall support Jeroen Massar (Oct 27)
- Re: IPv6 firewall support Simon Lockhart (Oct 27)
- Re: IPv6 firewall support Jeroen Massar (Oct 27)
- Re: IPv6 firewall support Pekka Savola (Oct 27)
- Re: IPv6 firewall support Mark Prior (Oct 28)
- Re: IPv6 firewall support Randy Bush (Oct 28)
- Re: IPv6 firewall support David Freedman (Oct 29)
- Re: IPv6 firewall support Ross Vandegrift (Oct 26)