nanog mailing list archives

Re: Only 5x IPv4 /8 remaining at IANA


From: Owen DeLong <owen () delong com>
Date: Mon, 18 Oct 2010 12:02:00 -0700


On Oct 18, 2010, at 11:19 AM, Henning Brauer wrote:

> * Owen DeLong <owen () delong com> [2010-10-18 18:29]:
>> The good news is that stateful inspection doesn't go away in IPv6.
>
> that is right.
>
>> It works just fine. All that goes away is the header mangling.
>
> that is partially true. it can work just fine, but all the bloat in v6
> makes it way harder to implement the state tracking than it should be.

Actually, the state tracking in IPv6 requires a little more memory, but,
it's actually easier on the silicon and has significant improvements
over IPv4 for ASIC parsing of the headers.

>> It's really unfortunate that most people don't understand the distinction.
>> If they did, it would help them to realize that NAT doesn't actually do
>> anything for security, it just helps with address conservation (although
>> it has some limits there, as well).
>
> right.
>
>> IPv6 with SI is no less secure than IPv4 with SI+NAT.
>
> well, it is. the extension headers are horrible. the v4 mapping horror
> is an insane trap, too. link-local is the most horrid concept ever.
> all hail 160 bit addresses.

We can agree to disagree.

Owen
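
Added example, not part of the original post: a toy Python model of the point made in the thread that the accept/drop decision comes from the state table, while NAT only adds the header rewrite. The class, function names, port pool and addresses are constructed for illustration; it does not model extension headers or real packet parsing.

```python
class StatefulFirewall:
    """Toy model: outbound flows create state; inbound needs matching state."""

    def __init__(self, nat_public_ip=None):
        self.nat_public_ip = nat_public_ip  # None = routed, no translation
        self.states = {}        # (proto, remote, wire_local) -> inside endpoint
        self.next_port = 40000  # constructed NAT port pool start

    def outbound(self, proto, src, dst):
        """Record a flow opened from inside; return the source seen outside."""
        wire_src = src
        if self.nat_public_ip is not None:
            # Header mangling: the only step that NAT adds.
            wire_src = (self.nat_public_ip, self.next_port)
            self.next_port += 1
        # State is keyed on what a legitimate reply looks like on the outside.
        self.states[(proto, dst, wire_src)] = src
        return wire_src

    def inbound(self, proto, src, dst):
        """Return (verdict, inside endpoint); no matching state means drop."""
        inside = self.states.get((proto, src, dst))
        if inside is None:
            return ("drop", None)
        return ("accept", inside)


# Constructed sample endpoints (documentation and private address ranges):
# name -> (NAT public IP or None, inside host, server, unsolicited sender)
CASES = {
    "ipv4_si_nat": ("192.0.2.1", ("10.0.0.10", 51000),
                    ("198.51.100.5", 443), ("203.0.113.9", 55555)),
    "ipv6_si": (None, ("2001:db8:1::10", 51000),
                ("2001:db8:2::5", 443), ("2001:db8:3::9", 55555)),
}


def compare():
    """Run the same three packets through both setups and collect verdicts."""
    results = {}
    for name, (public_ip, host, server, stranger) in CASES.items():
        fw = StatefulFirewall(public_ip)
        wire_src = fw.outbound("tcp", host, server)
        results[name] = {
            "wire_src": wire_src,
            "reply": fw.inbound("tcp", server, wire_src),
            "unsolicited": fw.inbound("tcp", stranger, wire_src),
        }
    return results


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```
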


