[NANOG] fair warning: less than 1000 days left to IPv4 exhaustion

• Previous message (by thread): [NANOG] fair warning: less than 1000 days left to IPv4 exhaustion
• Next message (by thread): [NANOG] fair warning: less than 1000 days left to IPv4 exhaustion
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mikael Abrahamsson wrote:
> On Sat, 3 May 2008, Randy Bush wrote:
> 
>> back office software
>> ip and dns management software
>> provisioning tools
>> cpe
>> measurement and monitoring and billing
>>
>> and, of course, backbone and aggregation equipment that can actually
>> handle real ipv6 traffic flows with acls and chocolate syrup.
> 
> Not to mention, you want to be able to do the regular antispoofing etc and 
> your security devices (which might be based on L2 switches doing DHCP 
> snooping) doesn't do IPv6, so you need to replace them (or live with lower 
> security) and this needs serious budget.

Or you'll have to revert to what you did before dhcp filtering switches.

Which was watch for replies from rogues and then update your mac filters 
accordingly or drop the host onto a quarantine vlan. should work quite 
well for rogue RAs and rogue dhcpv6 servers.

Obviously it's reactive rather than proactive but it can be quite 
effective if automated.

• Previous message (by thread): [NANOG] fair warning: less than 1000 days left to IPv4 exhaustion
• Next message (by thread): [NANOG] fair warning: less than 1000 days left to IPv4 exhaustion
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]