IPv6 deployment excuses

Jared Mauch jared at puck.Nether.net
Tue Jul 5 01:00:19 UTC 2016


On Mon, Jul 04, 2016 at 06:41:00PM +0900, Masataka Ohta wrote:
> Jared Mauch wrote:
> 
> > Actually they are not that great. Look at the DDoS mess that UPnP has
> > created and problems for IoT (I call it Internet of trash, as most
> > devices are poorly implemented without safety in mind) folks on all
> > sides.
> 
> Are you saying, without NAT or something like that to restrict
> reachable ports, the Internet, regardless of whether it is with
> IPv4 or IPv6, is not very secure?

	I'm saying two things:

	1) UPnP is a security nightmare and nobody (at scale)
will let you register ports with their CGN/edge.

	2) We are an industry in transition.  Internet connectivity
will soon be defined by v6 + v4, not v4 + sometimes v6.

	There are challenges still, AWS, UBNT UniFi and things like
the CableWifi/xfinitywifi don't do V6 currently.

	I've heard most of these are coming.  There are still a
lot of self-proclaimed "IT Experts" that say stuff like "why use
DNS", or the well-meaning "Cybermoon CEO Amitay Dan" who says
you should use an IP address to manage your home router.  Of course
when people see that, I'm sure they all are thinking IPv4 vs using
a .local domain name.

	Much of this is because we're technical people and most users
are non-technical, they just want their stuff(tm) to work.  We must
make it seamless, and this will mean providing them a method to have
their technology work.

	Take how most people copy files between devices today.  I
may go and SFTP or SCP files around, know the paths, set my prompt
but others?  USB or a service like Dropbox.  It's about the technology
as a tool.

	If you fail to see IPv6 as part of that tool to fix things
and think that everyone will do the right thing, you will face hurdles.

	Our services need to work for the broadest set of users.  Many
people are now used to the non-e2e results of a NAT/CGN environment.
They work around it with other solutions.  Soon?  IPv4AAS will be
abundant to bridge those who lack full internet access.

	- Jared

-- 
Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.


