Pointer for documentation on actually delivering IPv6

Owen DeLong owen at delong.com
Tue Dec 7 14:27:00 UTC 2010


On Dec 7, 2010, at 6:05 AM, Chuck Anderson wrote:

> On Tue, Dec 07, 2010 at 08:18:31AM -0500, david raistrick wrote:
>> On Mon, 6 Dec 2010, Owen DeLong wrote:
>> 
>>> Seriously, though, you're welcome to use fd00::/8 for exactly that  
>>> purpose. The problem is that you (and hopefully it stays this way) 
>>> won't have much luck finding a vendor that will provide the NAT for you 
>>> to do it with.
>> 
>> [with my flame-retardant hat installed firmly]
>> 
>> So what's the IPV6 solution for PCI compliance, where 1.3.8 requires the  
>> use of RFC1918 space?  Admitedly, it's been a year or two since I last 
>> had to engineer around that particular set of rules...but it's life or 
>> death for a lot of folks.
> 
> Simple.  Use RFC1918 IPv4 along side global IPv6 addresses.  Done :-)

1.	PCI allows for equivalent effective security. IPv6 privacy addresses
	actually meet that test, among other possible solutions.

2.	I believe there is work underway to correct some of the specious
	requirements in PCI DSS, among which this is one.

Owen





More information about the NANOG mailing list