IPv6 Ignorance

John R. Levine johnl at iecc.com
Sun Sep 16 23:58:15 UTC 2012


>> IPv6 has its problems, but running out of addresses is not one of them.
>> For those of us worried about abuse management, the problem is the
>> opposite, even the current tiny sliver of addresses is so huge that
>> techniques from IPv4 to map who's doing what where don't scale.
>
> Well, in IPv4... NAT broke it, because networks implementing 1:many
> NAT could no longer easily identify what host was responsible for abuse.

I realize that's a problem in theory; in practice it's not, because it's
still rare to have interestingly different hosts behind a single NAT.

> What do you mean by suggesting IPv4 abuse management techniques to map
> who's doing what, where do not scale to IPv6's larger address space?

Large networks keep separate reputation for every address in the IPv4 
address space based on the traffic they send.  You can't do that in IPv6, 
particularly since hostile bots can easily hop around within a /64, which 
is bad news if that /64 also has some legit hosts.

Regards,
John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
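
The scaling problem described in the message above, as an added example that is not part of the original post: reputation is keyed per address for IPv4, and either per address or per /64 for IPv6, over constructed events in documentation address space. The event list, the threshold and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample events: (source address, flagged_as_abusive).
# 2001:db8::/32 and 192.0.2.0/24 are documentation ranges.
EVENTS = (
    [(f"2001:db8:0:1::{i:x}", True) for i in range(1, 41)]  # one sender hopping within a /64
    + [("2001:db8:0:1::beef", False)] * 3                     # legitimate host in the same /64
    + [("2001:db8:0:2::10", False)] * 5                       # unrelated /64
    + [("192.0.2.7", True)] * 40                               # IPv4 sender on one fixed address
)

def reputation_key(addr, v6_prefix_len):
    """IPv4 is keyed per address; IPv6 is keyed on the enclosing prefix."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return str(ip)
    return str(ipaddress.ip_network(f"{ip}/{v6_prefix_len}", strict=False))

def score(events, v6_prefix_len):
    """Return (abusive events per key, total events per key)."""
    bad, total = Counter(), Counter()
    for addr, abusive in events:
        key = reputation_key(addr, v6_prefix_len)
        total[key] += 1
        bad[key] += int(abusive)
    return bad, total

def tracked_keys(events, v6_prefix_len):
    """Number of reputation entries the receiver has to store."""
    return len(score(events, v6_prefix_len)[1])

def blocked_keys(events, v6_prefix_len, threshold=10):
    """Keys whose abusive-event count reaches the (assumed) threshold."""
    bad, _ = score(events, v6_prefix_len)
    return {key for key, count in bad.items() if count >= threshold}

def collateral(events, v6_prefix_len, threshold=10):
    """Legitimate events that fall under a blocked key."""
    blocked = blocked_keys(events, v6_prefix_len, threshold)
    return sum(1 for addr, abusive in events
               if not abusive and reputation_key(addr, v6_prefix_len) in blocked)

if __name__ == "__main__":
    for plen in (128, 64):
        print(plen, tracked_keys(EVENTS, plen), sorted(blocked_keys(EVENTS, plen)),
              collateral(EVENTS, plen))
```

Per-address keying (/128) never accumulates enough history on any one IPv6 address to act on, while /64 keying catches the hopping sender and also covers the legitimate host sharing that prefix.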



