[AusNOG] IPv6 excuses

Philip Loenneker Philip.Loenneker at tasmanet.com.au
Fri May 27 14:55:19 EST 2016


I'm curious to know if/how providers that have enabled IPv6 are protecting users after the introduction of IPv6. The majority of end users are not capable, and probably should not be expected to be capable, of maintaining a suitable firewall. The wide variety of routers available would offer an equally wide variety of protection to IPv6 clients. 

Despite all the shortcomings, NAT provides a very convenient barrier between the Internet and customer internal networks. 

-----Original Message-----
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Mark Smith
Sent: Friday, 27 May 2016 2:30 PM
To: Mark Andrews <marka at isc.org>
Cc: AusNOG Mailing List <ausnog at ausnog.net>
Subject: Re: [AusNOG] IPv6 excuses

On 27 May 2016 at 13:56, Mark Andrews <marka at isc.org> wrote:
>
> In message <CAO42Z2y87pe4M44V5jjuDGAOZQe1YfKvs1f7zhbgLDsJAxVrMg at mail.gmail.com>, Mark Smith writes:
>> On 27 May 2016 at 12:32, Skeeve Stevens
>> <skeeve+ausnog at eintellegonetworks.com> wrote:
>> >
>> > Love it...
>> >
>> > Most of them are true... except
>> >
>> > "None of our customers want it" and "End users don't care about IPv6"
>> >
>> > Are true... they don't and won't... but it isn't a valid reason not to
>> > roll it out... but it is a painful one when justifying the business case.
>> >
>>
>> I doubt many of them wanted IPv4 either. They wanted Internet access,
>> or probably more specifically, email and world-wide-web access.
>>
>> IPv4 and IPv6 are the 'whats' not the 'whys'.
>>
>> If you walk up to somebody, even a technical manager, and say "we need
>> to deploy IPv6", their likely answer will be the question "why?" (or
>> "<sigh> Not this again."). You need to have an answer, and it needs to
>> be valid for the situation.
>>
>> On the Internet, IPv6 is optional, because somebody can access
>> everything with just an IPv4 address.
>
> This has not been true for 20 years now.  The moment we were forced
> into using NAT to connect people could connect to everything they
> wanted to.  Just because we have put up with degraded service through
> neccesity doesn't mean that there isn't a issue.  CGNAT just made
> the probem worse as many workarounds don't work with CGNAT.
>
> NAT and CGNAT are stop gap mechanisms.  People have forgotten this
> as they have had to live with it for too long.
>

I think the trouble has been that the costs of NAT in IPv4 at the
customer premise have been small enough that they've been tolerated,
perhaps also because they've been unavoidable - we probably couldn't
have deployed broadband Internet access without it, because there were
too many things that weren't IPv6 capable at the time. With the IPv4
NAT cost being low and already paid, even though IPv6 can remove them,
there hasn't been a strong enough incentive to remove them.

CGN at the ISP, where the NAT costs are greater in both equipment
capacity and to the helpdesk (as a consequence of dual inline-NATs),
might change that if those increased costs are passed onto IPv4/NAT
only customers.

Regards,
Mark.
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog



More information about the AusNOG mailing list