[AusNOG] FW: [Ap-ipv6tf] official shutdown date for IPv4. The date he is pushing for is April 4, 2024. "IPv4 can't go on forever, " Latour said. "

Paul van den Bergen paul.vandenbergen at gmail.com
Wed Nov 5 18:12:01 EST 2014


You can keep NAT in IPv6 if you really want - just configure your firewall
to port external address port pairs to point to link local addresses...
(yes, I am insane, what makes you ask?)

On Wed, Nov 5, 2014 at 6:07 PM, Beeson, Ayden <ABeeson at csu.edu.au> wrote:

> I'm on a phone and we have had this talk on the list before, so I'll keep
> it brief:
>
> Portability: auto discovery and dhcp already provide this on ipv4 and v6,
> regardless of NAT. NAT adds nothing and actually makes it worse in some
> cases as port forwarding etc may be necessary
>
> Security: those unsecured devices when moved to ipv6 will be behind an
> IPv6 router which should have an adequate firewall pre configured that
> provides the same level of protection that NAT "provides" now.
>
> The onus is on manufacturers to ship devices with the adequate protection,
> it's not hard to provide a stateful firewall with established traffic
> allowed back in, most people would be covered then and anything else
> configured by users that know what they are doing (if even only vaguely)
>
> Cheers,
> Ayden
> (This email was sent from a mobile device, please forgive any typos etc)
>
>
> ---- Ross Wheeler wrote ----
>
>
> [cid:csu-logo384.bmp]<http://www.csu.edu.au/>
>
> |   ALBURY-WODONGA   |   BATHURST   |   CANBERRA   |   DUBBO   |
>  GOULBURN   |   MELBOURNE   |   ONTARIO   |   ORANGE   |   PORT MACQUARIE
>  |   SYDNEY   |   WAGGA WAGGA   |
>
> ________________________________
> LEGAL NOTICE
> This email (and any attachment) is confidential and is intended for the
> use of the addressee(s) only. If you are not the intended recipient of this
> email, you must not copy, distribute, take any action in reliance on it or
> disclose it to anyone. Any confidentiality is not waived or lost by reason
> of mistaken delivery. Email should be checked for viruses and defects
> before opening. Charles Sturt University (CSU) does not accept liability
> for viruses or any consequence which arise as a result of this email
> transmission. Email communications with CSU may be subject to automated
> email filtering, which could result in the delay or deletion of a
> legitimate email before it is read at CSU. The views expressed in this
> email are not necessarily those of CSU.
>
> Charles Sturt University in Australia<http://www.csu.edu.au> The Grange
> Chancellery, Panorama Avenue, Bathurst NSW Australia 2795 (ABN: 83 878 708
> 551; CRICOS Provider Number: 00005F (National)). TEQSA Provider Number:
> PV12018
> Charles Sturt University in Ontario<http://www.charlessturt.ca/> 860
> Harrington Court, Burlington Ontario Canada L7N 3N4 Registration:
> www.peqab.ca<http://www.peqab.ca>
>
> [cid:anniversay7f4f.bmp]
>
> Consider the environment before printing this email.
>
>
> On Wed, 5 Nov 2014, Mike Everest wrote:
>
> > I may be opening a can of worms here, but for a bit of fun…
> > I like NAT.  It solves a lot more problems that it causes (for me)
>
> +1
>
> I am truly scared of a world with eleventy-billion unpatched, unprotected,
> vulnerable/exploitable devices suddenly "directly reachable" by all those
> malware-infected, script-kiddies etc.
>
> Apart from any other conveniences NAT offers (more later), it gives the
> majority of the world "a degree" of protection from all these old windows
> boxes (particularly, but there are lots of other exploitable devices out
> there that haven't (yet) been widely impacted)
>
> Sure, you can firewall/filter/protect IPv6. But how many of those
> eleventy-billion unpatched systems are GOING TO BE PROTECTED?
> If they can't "update" their system, don't "GET" the bit about having to
> keep AV software up-to-date etc, how the HELL can we expect them to secure
> IPv6?  (Hint: we can't)
>
> Portability: being able to just "move" from one provider to another and
> not have to reconfigure all your home devices, because they just get NATed
> by your router just makes it SO easy for people. I'm PARTICULARLY looking
> at the "not-quite-trivial" home/SOHO networks here. A single machine or
> two, probably not so much, but there are an increasing number of people
> with everything from home automation systems, cameras, PVRs etc that for a
> variety of reasons seem to end up with static IPs, NAT makes their life
> very easy - in a way that IPv6 probably won't.
>
> It's all fine and good for those of us in the industry who do this all day
> every day, but there are a LOT of people who wil never "get" the IPv6 clue
> they need to do this stuff properly, but we're going to be the ones who
> have to pick up the pieces afterwards, and clean up the mess.
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>


-- 
Dr Paul van den Bergen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20141105/04c7197d/attachment.html>


More information about the AusNOG mailing list