On 05/24/2013 08:17 AM, Hosnieh Rafiee wrote:
I just wonder why, when you can use a monitoring system to log all your
events (MAC + IP) when you are inside a corporate network, you see this as a
big issue.

I work primarily with customers who implement networks inside their own borders. Ray is 100% correct that stable addressing for end users is a very high priority for things like access control, accountability, reporting, SOX, etc. Whether or not it should be so is an entirely different question. For the middle of the bell-shaped curve, it IS so.

For IPv6 purposes, I can tell those customers to turn off 4941 addresses and they're good to go. What I cannot do is tell them, "IPv6 addresses constantly rotate, so you will have to log every data connection, keep those logs for N {weeks|months|years}, and use them to find out who did what when, instead of going to the tool you use now which will tell you that in 2 seconds." If I tell customers that this is the cost of IPv6, they will simply tell me "No thank you," and continue using their (comfortable, familiar) 1918 addresses internally behind their NAT.

We have to stop the line of thinking that goes, "We can introduce $this cool new feature to IPv6, and the cost is only $so_much." "The Market" has already responded with deafening silence to the costs that already exist to migrate to IPv6. Adding more is not an option.

Doug

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
