nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Pointer for documentation on actually delivering IPv6

From: Joel Jaeggli <joelja () bogus com>
Date: Tue, 07 Dec 2010 06:23:07 -0800
On 12/7/10 5:18 AM, david raistrick wrote:

On Mon, 6 Dec 2010, Owen DeLong wrote:


Seriously, though, you're welcome to use fd00::/8 for exactly that
purpose. The problem is that you (and hopefully it stays this way)
won't have much luck finding a vendor that will provide the NAT for
you to do it with.


[with my flame-retardant hat installed firmly]

So what's the IPV6 solution for PCI compliance, where 1.3.8 requires the
use of RFC1918 space?  Admitedly, it's been a year or two since I last
had to engineer around that particular set of rules...but it's life or
death for a lot of folks.


Document a compensating control...

That particular case is trivial to demonstrate that the in scope
addresses are not exposed to the internet.




-- 
david raistrick        http://www.netmeister.org/news/learn2quote.html
drais () icantclick org             http://www.expita.com/nomime.html
Previous By Date Next
Previous By Thread Next

Current thread: