[LACNIC/Seguridad] Fwd: RE: IPv6 networking: Bad news for small biz
Fernando Gont
fernando at gont.com.ar
Thu Apr 5 18:48:12 BRT 2012
FYI.
There is a more than interesting thread on the IETF general list,
ietf at ietf.org.
Here I'm forwarding one of the posted messages. I recommend reading the ones
from Randy Bush, which you will surely have fun with (or not :-) ) for a while.
Regards,
Fernando
-------- Original Message --------
Subject: RE: IPv6 networking: Bad news for small biz
Date: Thu, 5 Apr 2012 01:52:33 +0000
From: Christian Huitema <huitema at microsoft.com>
To: Noel Chiappa <jnc at mercury.lcs.mit.edu>, "ietf at ietf.org" <ietf at ietf.org>
> Part of the real problem has been that the IETF failed to carefully
> study, and take to heart, the operational capabilities which NAT
> provided (such as avoidance of renumbering, etc, etc), and then
> _failed to exert every possible effort_ to provide those same
> capabilities in an equally 'easy to use' way.
I agree with Noel on that one -- as surprising as it may sound. The IETF
did recognize several problems, from privacy to renumbering to
multi-homing, but the quality of the proposed solutions has been uneven.
The IPv6 response to privacy protects the host with privacy addresses,
but exposes internal network routes. Renumbering works fairly well in
small networks, but does not provide a replacement for folks who insist
on hardwiring IP addresses into filters. The response to multi-homing
requires an additional layer of protocol in the hosts and is probably 15
years from being deployed.
Of course, NAT does not really solve multi-homing either -- it is one of
the points where the brittleness is most apparent. But NATs do hide the
internals of a network, and do isolate networks from renumbering issues.
NATs also break lots of applications, which is why so many of us hate
them. But so do firewalls, and it seems that IPv6 firewalls are
encouraged. Oh well.
-- Christian Huitema