Keith W. Hare Keith at jcc.com
Fri Oct 26 13:36:51 EDT 2007

>Then they should transition to IPv6, get a /48, and build their network
>so that it can easily renumber if that /48 prefix changes. No more

This assumes that the technology actually exists to easily renumber if
the /48 prefix changes.

The pieces I have not yet seen are:

-- Firewalls -- With IPv4, the firewall rules are built in terms of IP
addresses. Will IPv6 firewalls do something similar or will there be a
single place to specify a prefix?

-- Intrusion Detection & Network monitoring appliances -- is it (or will
it be) possible to specify an IPv6 prefix someplace rather than
embedding the entire IP address in rules?

-- VPNs -- How do I change an IP on a VPN link if I don't control the
other end?  What if I do control the other end, but it is remote?

-- If /48 prefix changes, will my customers/vendors/etc. require another
security audit?

I'm sceptical that the technology exists today to easily renumber a
business network if a /48 prefix changes.
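
Added example (not part of the original message, and not any vendor's product): a sketch of what "a single place to specify a prefix" could look like for the firewall item above, with rules held as subnet/interface offsets and rendered against the current /48, plus a check for address literals still inside the old prefix. The rule syntax, the RULES table and the 2001:db8 documentation prefixes are constructed assumptions.

```python
import ipaddress
import re

# Constructed policy: hosts are named by (subnet id, interface id) inside the
# site /48, never by a full 128-bit literal. The rule syntax is made up.
RULES = [
    {"action": "allow", "proto": "tcp", "port": 443, "subnet": 0x10, "iid": 0x80},
    {"action": "allow", "proto": "tcp", "port": 25, "subnet": 0x10, "iid": 0x25},
    {"action": "deny", "proto": "any", "port": None, "subnet": 0xFF, "iid": None},
]

def site_address(prefix, subnet, iid=None):
    """Combine the site /48 with a 16-bit subnet id and optional 64-bit interface id."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 48 or not 0 <= subnet <= 0xFFFF:
        raise ValueError("need a /48 site prefix and a 16-bit subnet id")
    base = int(net.network_address) | (subnet << 64)
    if iid is None:                      # rule covers the whole /64
        return ipaddress.IPv6Network((base, 64))
    if not 0 <= iid < 2**64:
        raise ValueError("interface id must fit in 64 bits")
    return ipaddress.IPv6Address(base | iid)

def render(prefix, rules):
    """Expand the prefix-relative policy into concrete rule lines."""
    lines = []
    for r in rules:
        dst = site_address(prefix, r["subnet"], r["iid"])
        port = "" if r["port"] is None else f" port {r['port']}"
        lines.append(f"{r['action']} {r['proto']} to {dst}{port}")
    return lines

def stale_literals(config_lines, old_prefix):
    """Return (line number, token) for every address still inside the old prefix."""
    old = ipaddress.IPv6Network(old_prefix)
    hits = []
    for n, line in enumerate(config_lines, 1):
        for tok in re.findall(r"[0-9A-Fa-f:]+:[0-9A-Fa-f:]*(?:/\d+)?", line):
            try:
                addr = ipaddress.ip_interface(tok).ip
            except ValueError:
                continue                 # not an IP literal
            if addr in old:
                hits.append((n, tok))
    return hits

if __name__ == "__main__":
    new_cfg = render("2001:db8:bbbb::/48", RULES)
    new_cfg.append("allow udp to 2001:0DB8:AAAA:0010::53 port 53")  # hand-typed leftover
    print("\n".join(new_cfg))
    print(stale_literals(new_cfg, "2001:db8:aaaa::/48"))
```

The stale-literal check parses each token rather than comparing strings, so an address written in expanded or upper-case form is still matched against the old prefix.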


