legacy /8

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Sun Apr 11 17:39:48 UTC 2010


On Sun, 11 Apr 2010 12:31:28 EDT, William Warren said:
> On 4/3/2010 1:39 PM, Valdis.Kletnieks at vt.edu wrote:

> > Given that currently most stuff is dual-stack, and IPv6 isn't totally
> > widespread, what are the effects of doing IPv6 DDoS mitigation by simply
> > turning off IPv6 on your upstream link and letting traffic fall back to IPv4
> > where you have mitigation gear?

> Not a valid argument.  When ipv6 gets widely used then the DDOS will 
> follow it.

Totally valid.

IPv6 isn't heavily used *currently*, so it may be perfectly acceptable to
deal with the mythological IPv6 DDoS by saying "screw it, turn off the IPv6
prefix, deal with customers on IPv4-only for a few hours".  After all, that's
*EXACTLY* the way you're doing business now - IPv4 only.  So that's obviously
a viable way to deal with an IPv6 DDoS - do *exactly what you're doing now*.





-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20100411/9c7e35e9/attachment.sig>


More information about the NANOG mailing list