nanog mailing list archives

Re: IPv6 deployment excuses


From: Masataka Ohta <mohta () necom830 hpcl titech ac jp>
Date: Tue, 5 Jul 2016 11:34:17 +0900

Jared Mauch wrote:

Are you saying, without NAT or something like that to restrict
reachable ports, the Internet, regardless of whether it is with
IPv4 or IPv6, is not very secure?

        I'm saying two things:

        1) UPnP is a security nightmare and nobody (at scale)
will let you register ports with their CGN/edge.

Don't do that. Just have static port forwarding. UPnP
may be used as a channel to advertise the forwarding
information but you can also do it manually (for reverse
translation, configuring a global IP address and a range
of port numbers is enough).

        2) We are an industry in transition.  Internet connectivity
will soon be defined by v6 + v4, not v4 + sometimes v6.

Yeah, we have been so for these 20 years.

        Our services need to work for the broadest set of users.  Many
people are now used to the non-e2e results of a NAT/CGN environment.

Exactly. And, as e2e transparency over NAT can be offered to
exceptional people, we can live with IPv4 forever.

                                                        Masataka Ohta

