Only 5x IPv4 /8 remaining at IANA

Owen DeLong owen at delong.com
Mon Oct 18 19:02:00 UTC 2010


On Oct 18, 2010, at 11:19 AM, Henning Brauer wrote:

> * Owen DeLong <owen at delong.com> [2010-10-18 18:29]:
>> The good news is that stateful inspection doesn't go away in IPv6.
> 
> that is right.
> 
>> It works just fine. All that goes away is the header mangling.
> 
> that is partially true. it can work just fine, but all the bloat in v6
> makes it way harder to implement the state tracking than it should be.
> 
Actually, the state tracking in IPv6 requires a little more memory, but,
it's actually easier on the silicon and has significant improvements
over IPv4 for ASIC parsing of the headers.

>> It's really unfortunate that most people don't understand the distinction.
>> If they did, it would help them to realize that NAT doesn't actually do
>> anything for security, it just helps with address conservation (although
>> it has some limits there, as well).
> 
> right.
> 
>> IPv6 with SI is no less secure than IPv4 with SI+NAT.
> 
> well, it is. the extension headers are horrible. the v4 mapping horror
> is an insane trap, too. link-local is the most horrid concept ever.
> all hail 160 bit addresses.
> 
We can agree to disagree.

Owen





More information about the NANOG mailing list