[AusNOG] FW: [Ap-ipv6tf] official shutdown date for IPv4. The date he is pushing for is April 4, 2024. "IPv4 can't go on forever, " Latour said. "

Beeson, Ayden ABeeson at csu.edu.au
Wed Nov 5 18:07:45 EST 2014 

I'm on a phone and we have had this talk on the list before, so I'll keep it brief:

Portability: auto discovery and dhcp already provide this on ipv4 and v6, regardless of NAT. NAT adds nothing and actually makes it worse in some cases as port forwarding etc may be necessary

Security: those unsecured devices when moved to ipv6 will be behind an IPv6 router which should have an adequate firewall pre configured that provides the same level of protection that NAT "provides" now.

The onus is on manufacturers to ship devices with the adequate protection, it's not hard to provide a stateful firewall with established traffic allowed back in, most people would be covered then and anything else configured by users that know what they are doing (if even only vaguely)

Cheers,
Ayden
(This email was sent from a mobile device, please forgive any typos etc)


---- Ross Wheeler wrote ----


[cid:csu-logo384.bmp]<http://www.csu.edu.au/>

|   ALBURY-WODONGA   |   BATHURST   |   CANBERRA   |   DUBBO   |   GOULBURN   |   MELBOURNE   |   ONTARIO   |   ORANGE   |   PORT MACQUARIE   |   SYDNEY   |   WAGGA WAGGA   |

________________________________
LEGAL NOTICE
This email (and any attachment) is confidential and is intended for the use of the addressee(s) only. If you are not the intended recipient of this email, you must not copy, distribute, take any action in reliance on it or disclose it to anyone. Any confidentiality is not waived or lost by reason of mistaken delivery. Email should be checked for viruses and defects before opening. Charles Sturt University (CSU) does not accept liability for viruses or any consequence which arise as a result of this email transmission. Email communications with CSU may be subject to automated email filtering, which could result in the delay or deletion of a legitimate email before it is read at CSU. The views expressed in this email are not necessarily those of CSU.

Charles Sturt University in Australia<http://www.csu.edu.au> The Grange Chancellery, Panorama Avenue, Bathurst NSW Australia 2795 (ABN: 83 878 708 551; CRICOS Provider Number: 00005F (National)). TEQSA Provider Number: PV12018
Charles Sturt University in Ontario<http://www.charlessturt.ca/> 860 Harrington Court, Burlington Ontario Canada L7N 3N4 Registration: www.peqab.ca<http://www.peqab.ca>

[cid:anniversay7f4f.bmp]

Consider the environment before printing this email.


On Wed, 5 Nov 2014, Mike Everest wrote:

> I may be opening a can of worms here, but for a bit of fun…
> I like NAT.  It solves a lot more problems that it causes (for me)

+1

I am truly scared of a world with eleventy-billion unpatched, unprotected,
vulnerable/exploitable devices suddenly "directly reachable" by all those
malware-infected, script-kiddies etc.

Apart from any other conveniences NAT offers (more later), it gives the
majority of the world "a degree" of protection from all these old windows
boxes (particularly, but there are lots of other exploitable devices out
there that haven't (yet) been widely impacted)

Sure, you can firewall/filter/protect IPv6. But how many of those
eleventy-billion unpatched systems are GOING TO BE PROTECTED?
If they can't "update" their system, don't "GET" the bit about having to
keep AV software up-to-date etc, how the HELL can we expect them to secure
IPv6?  (Hint: we can't)

Portability: being able to just "move" from one provider to another and
not have to reconfigure all your home devices, because they just get NATed
by your router just makes it SO easy for people. I'm PARTICULARLY looking
at the "not-quite-trivial" home/SOHO networks here. A single machine or
two, probably not so much, but there are an increasing number of people
with everything from home automation systems, cameras, PVRs etc that for a
variety of reasons seem to end up with static IPs, NAT makes their life
very easy - in a way that IPv6 probably won't.

It's all fine and good for those of us in the industry who do this all day
every day, but there are a LOT of people who wil never "get" the IPv6 clue
they need to do this stuff properly, but we're going to be the ones who
have to pick up the pieces afterwards, and clean up the mess.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: csu-logo384.bmp
Type: image/bmp
Size: 37976 bytes
Desc: csu-logo384.bmp
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20141105/1c4afa28/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: anniversay7f4f.bmp
Type: image/bmp
Size: 53864 bytes
Desc: anniversay7f4f.bmp
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20141105/1c4afa28/attachment-0003.bin>

More information about the AusNOG mailing list