And the MLC didn't bother responding to either (until this). And
probably won't respond further. Of course, my colleagues can say what
they want, but I don't see any reason why someone can't ask for clue
help.
If that's the case then might I sugggest changing the pages that discuss
what is,
Are you seriously going to sit there and claim that someone asking about
how to set up 2 default routes on a FreeBSD box is operationally or
technically relevant to the NANOG community at large?
You honestly, truly believe that how do I add two default routes to
FreeBSD is a relevant question
Also, it is good to control the Internet addressable devices on your network
by putting them behind a NAT device. That way you have less devices to
concern yourself about that are directly addressable when they most likely
need not be. You can argue that you can do the same with a firewall
But NAT *requires* stateful inspection;
No, NAT does not require this.
In the context of this discussion it does.
Port NAT mapping one IP to many does, but there are other
kinds of NAT.
This is exactly the NAT that is being spoken of though.
this lack of precision can lead to nasty
Won't stateful firewalls have similar issues? Ie, if you craft a stateful
firewall to allow an office to have real IPv6 addresses but not to allow
arbitrary connections in/out (ie, the stateful bit), won't said stateful
require protocol tracking modules with similar (but not -as-) complexity
to
Not speaking directly for my employer (in any official capacity
that is), but it's is *not* as easy as as just IPv6 enabling our network,
enabling ipv6 on the servers, and putting up ipv6.yahoo.com. Currently,
the biggest roadblock we have is loadbalancer support (or, more
specificly,
Actually, for me 100% feature parity (for stuff we use per vip) is a day-1
requirement.
That's obviously your choice. I don't know the first thing about your
application/services/systems but in my case my load balancer has nothing
to do with my application/services- and I would be frightened
If I read the thread so far correctly, Igor can't enable a single server
with v6, because the instant he updates the DNS so an MX for his domain
references a , that will become the preferred target for his domain
from the entire IPv6 world, and he's gonna need a load balancer from Day 0.
I guess we have different definitions for most significant backbones.
Unless you mean they have a dual-stack router running _somewhere_, say, for
instance, at a single IX or a lab LAN or something. Which is not
particularly useful if we are talking about a significant backbone.
Rather than
vixie had a fun discussion about anycast and dns... something about him
being sad/sorry about making everyone have to carry a /24 for f-root
everywhere.
Whether it's a /24 for f-root or a /20 doesn't really make a difference-
it's a routing table entry either way- and why waste addresses.
I
RIPE may only give out /32's but ARIN gives out /48's so there wouldn't be
any deaggregation in that case.
The RIPE NCC assign /48s from 2001:0678::/29 according to ripe-404:
http://www.ripe.net/ripe/docs/ripe-404.html
Yeah I missed that. This matches ARIN's policy for critical
but ipv6 is more secure, yes? :) (no it is not)
Does the relative security of IVp4 and IPv6 *really* matter on the same Internet
that has Vint Cerf's 140 million pwned machines on it?
was the :) not enough: I'm joking ??
Just askin', ya know?
some people do think that it does... they
We do have dual stack in all our customer sites, and at the time being
didn't got complains or support calls that may be considered due to the
.
So far everyone who has contacted me has generally reported a positive
experience with their transitions.
The biggest complaints so far have
This assumes a single machine scanning, not a botnet of 1000 or even the
1.5m the dutch gov't collected 2 yrs ago.
Again, a sane discussion is in order. Scanning isn't AS EASY, but it
certainly is still feasible,
With 1.5 million hosts it will only take 3500 years... for a _single_ /64!
I'm
14 matches
Mail list logo