[ppml] article about IPv6 vs firewalls vs NAT in arstechnica (seen on slashdot)

william(at)elan.net william at elan.net
Fri May 11 03:03:08 EDT 2007 

I don't understand your point about why ULA need to be registered if
its not going to be globally routed. Also PI is not the same as ULA -
PI do come from RIRs and in IPv6 there was no way to get PI (except
in a few special cases) until recent ARIN's micro-allocation policy.

On Fri, 11 May 2007, Tony Hain wrote:

> I agree that this will help inform the debate, and while Iljitsch did a good
> job of outlining the issue, he left out a significant point:::
> People explicitly chose to be in the state of "as there is currently no
> obvious way to make services only available locally" by insisting that the
> local-scope addressing range have a global-scope as far as application
> developers were concerned. Now the application developers are complaining
> about the consequences of their choice, because the alternative to 'no
> routing path for an attack' is to insert a device that has to make policy
> decisions with limited information.
>
> The current ULA-central discussions will be directly involved in this issue.
> It is critical that all of the RIR's have policies establishing a mechanism
> for registering ULA-central prefixes & PI. For those who don't recall, the
> reason ULA-central was tabled was that it was seen as a potential end-run to
> acquire PI space in the absence of appropriate policy to do so out of a
> range recognized for global routing.
>
> The need for keeping some things local while others are global is real, and
> the lack of appropriate mechanisms to accomplish that through the routing
> system that is designed to deal with path selection leads to entire
> industries for fragile work-arounds along with their increased complexity.
>
> Tony
>
>
>> -----Original Message-----
>> From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of
>> vixie at vix.com
>> Sent: Thursday, May 10, 2007 9:59 PM
>> To: ppml at arin.net
>> Subject: [ppml] article about IPv6 vs firewalls vs NAT in arstechnica
>> (seen on slashdot)
>>
>> i think that this article will help inform the debate around the ipv6
>> transition:
>>
>> http://arstechnica.com/articles/paedia/ipv6-firewall-mixed-blessing.ars
>> _______________________________________________
>> This message sent to you through the ARIN Public Policy Mailing List
>> (PPML at arin.net).
>> Manage your mailing list subscription at:
>> http://lists.arin.net/mailman/listinfo/ppml
>
> _______________________________________________
> This message sent to you through the ARIN Public Policy Mailing List
> (PPML at arin.net).
> Manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/ppml

More information about the ARIN-PPML mailing list