[ppml] ripe-55/presentations/bush-ipv6-transition.pdf
Keith W. Hare
Keith at jcc.com
Fri Oct 26 13:36:51 EDT 2007
>Then they should transition to IPv6, get a /48, and build their network
>so that it can easily renumber if that /48 prefix changes. No more
pain.
This assumes that the technology actually exists to easily renumber if
the /48 prefix changes.
The pieces I have not yet seen are:
-- Firewalls -- With IPv4, the firewall rules are built in terms of IP
addresses. Will IPv6 firewalls do something similar or will there be a
single place to specify a prefix?
-- Intrusion Detection & Network monitoring appliances -- is it (or will
it be possible) to specify an IPv6 prefix someplace rather than
embedding the entire IP address in rules?
-- VPNs -- How do I change an IP on a VPN link if I don't control the
other end? What if I do control the other end, but it is remote?
-- If /48 prefix changes, will my customers/vendors/etc. require another
security audit?
I'm sceptical that the technology exists today to easily renumber a
business network if a /48 prefix changes.
Keith
______________________________________________________________
Keith W. Hare JCC Consulting, Inc.
keith at jcc.com 600 Newark Road
Phone: 740-587-0157 P.O. Box 381
Fax: 740-587-0163 Granville, Ohio 43023
http://www.jcc.com USA
______________________________________________________________
More information about the ARIN-PPML
mailing list