On Mon, Feb 19, 2024 at 10:31 AM Tim Howe wrote:
> On Mon, 19 Feb 2024 10:01:06 -0800
> William Herrin wrote:
> > So when the user wants to run a home server, their IPv4 options are to
> > create a TCP or UDP port forward for a single service port or perhaps
> > create a generic port forward for
Some responses below.
On Mon, 19 Feb 2024 10:01:06 -0800
William Herrin wrote:
> > I've never once seen a device
> > that has v6 support and didn't have a stateful v6 firewall on by
> > default (if v6 was "on").
>
> Acknowledged.
>
> So when the user wants to run a home server, their IPv4 op
On Mon, Feb 19, 2024 at 9:44 AM Tim Howe wrote:
> FWIW, in the decade we have been providing dual-stack by default, I
> have made a bit of a hobby out of testing every CPE and SOHO router
> that I get may hands on in my PON lab.
Hi Tim,
I have not, so I'll defer to your experience.
> I've never
OpenWrt, from which much is derived, is default deny on ipv4 and ipv6.
The ipv6 firewall on most cable devices prior to the XB6 is very, very limited.
On Mon, Feb 19, 2024 at 12:44 PM William Herrin wrote:
>
> On Mon, Feb 19, 2024 at 9:23 AM Hunter Fuller wrote:
> > On Mon, Feb 19, 2024 at 11:1
On Mon, 19 Feb 2024 09:16:00 -0800
William Herrin wrote:
> I disagree with that one. Limiting discussion to the original security
> context (rather than the wider world of how useful IPv6 is without
> IPv4), IPv6 is typically delivered to "most people" without border
> security, while IPv4 is del
On Mon, Feb 19, 2024 at 9:23 AM Hunter Fuller wrote:
> On Mon, Feb 19, 2024 at 11:16 AM William Herrin wrote:
> > > There isn't really an advantage to using v4 NAT.
> > I disagree with that one. Limiting discussion to the original security
> > context (rather than the wider world of how useful IP
On Mon, Feb 19, 2024 at 11:16 AM William Herrin wrote:
> > There isn't really an advantage to using v4 NAT.
> I disagree with that one. Limiting discussion to the original security
> context (rather than the wider world of how useful IPv6 is without
> IPv4), IPv6 is typically delivered to "most pe
On Mon, Feb 19, 2024 at 9:00 AM Hunter Fuller wrote:
> I guess the point I'm making is, the methods we are using today for v6
> dual WAN, work fine for most people.
Hi Hunter,
I accept that point. It's wobbly on some of the details, but you're
talking "most" people, not everyone.
> There isn't
On Mon, Feb 19, 2024 at 10:22 AM William Herrin wrote:
> Yes and no. The client application has to be programmed to understand
> link-local addresses or it can't use them at all. You can't just say
> "connect to fe80::1." Even if there's an fe80::1 on your network, it
> doesn't work. The client ap
On Mon, Feb 19, 2024 at 8:08 AM Hunter Fuller wrote:
> On Mon, Feb 19, 2024 at 9:17 AM William Herrin wrote:
> > There's also the double-ISP loss scenario that causes Joe to lose all
> > global-scope IP addresses. He can overcome that by deploying ULA
> > addresses (a third set of IPv6 addresses)
On Mon, Feb 19, 2024 at 11:13 AM Hunter Fuller via NANOG
wrote:
>
> On Mon, Feb 19, 2024 at 9:29 AM Mike Hammett wrote:
> > "In IPv6's default operation, if Joe has two connections then each of
> > his computers has two IPv6 addresses and two default routes. If one
> > connection goes down, one o
mdns can still be "fun" in a wide variety of situations.
https://www.reddit.com/r/k12sysadmin/comments/9yghdx/chromebooks_and_peer_to_peer_updates_can_be/
I do not know to what extent the upgrade to unicast feature long
gestating in the IETF has been adopted.
On Mon, Feb 19, 2024 at 11:10 AM Hun
On Mon, Feb 19, 2024 at 9:29 AM Mike Hammett wrote:
> "In IPv6's default operation, if Joe has two connections then each of
> his computers has two IPv6 addresses and two default routes. If one
> connection goes down, one of the routes and sets of IP addresses goes
> away."
>
> This sounds like a
On Mon, Feb 19, 2024 at 9:17 AM William Herrin wrote:
> There's also the double-ISP loss scenario that causes Joe to lose all
> global-scope IP addresses. He can overcome that by deploying ULA
> addresses (a third set of IPv6 addresses) on the internal hosts, but
> convincing the internal network
14 matches
Mail list logo
