Assigning IPv6 /48's to CPE's?

Rick Astley jnanog at gmail.com
Sat Jan 5 00:02:49 UTC 2008


As much as I don't want to resurrect this conversation again or beat a dead
(now glued) horse: In the SOHO arena, today's NAT users may or may not opt
to use SPI down the road.

Many people just opt for the cheapest working solution and use defaults, so
what we end up depends on what vendors like Linksys and Netgear decide. I am
sure there will be customer demand for firewall functionality as well, but
how much is not clear.

I am talking about SOHO users because they are a big portion of the large
DDoS networks and an important frontier in the fight against worm
propagation.

I know large mostly unused pools of client IP's make it more difficult to
use traditional worm propagation methods in IPv6[1], but if customers move
from IPv4 "firewalls" to IPv6 "routers", we still lose an important layer of
security.


1. worm propagation strategies in an IPv6 Internet -
http://www.cs.columbia.edu/~smb/papers/v6worms.pdf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20080104/bf3656f7/attachment.html>


More information about the NANOG mailing list