[NANOG] fair warning: less than 1000 days left to IPv4 exhaustion

Joel Jaeggli joelja at bogus.com
Sat May 3 02:14:45 CDT 2008


Mikael Abrahamsson wrote:
> On Sat, 3 May 2008, Randy Bush wrote:
> 
>> back office software
>> ip and dns management software
>> provisioning tools
>> cpe
>> measurement and monitoring and billing
>>
>> and, of course, backbone and aggregation equipment that can actually
>> handle real ipv6 traffic flows with acls and chocolate syrup.
> 
> Not to mention, you want to be able to do the regular antispoofing etc and 
> your security devices (which might be based on L2 switches doing DHCP 
> snooping) doesn't do IPv6, so you need to replace them (or live with lower 
> security) and this needs serious budget.

Or you'll have to revert to what you did before dhcp filtering switches.

Which was watch for replies from rogues and then update your mac filters 
accordingly or drop the host onto a quarantine vlan. should work quite 
well for rogue RAs and rogue dhcpv6 servers.

Obviously it's reactive rather than proactive but it can be quite 
effective if automated.




More information about the NANOG mailing list