[ppml] IPv6 flawed?

Behm, Jeffrey L. BehmJL at bv.com
Thu Sep 13 14:42:26 EDT 2007

Another data point to consider:  

On Thursday, September 13, 2007 1:15 PM, Kevin Kargel said:

>If I want a private section of it all I
>have to do is set an access list for it in my edge routers denying
>traffic for that subnet in or out of my network.  Voila, I have a
>private network.

Not a private network, just a public network that is firewalled...read

>Then I have the added advantage that if I ever need temporary access to
>the world for an internal box (let's say I want to update patches) all
>I have to do is punch a temporary hole in the access list.  No setting up
>NAT, no renumbering, nothing fancy at all, it just instantly works. 

Similarly, if your admin *accidentally* (they're human, right?) punches
a not-so-temporary hole to that so-called private network, then your
private network isn't private anymore. If it was private, ala rfc1918,
then it wouldn't be such a big deal as opening up a non-rfc1918 address
(range?), which the rest of the Internet would then be able to access.
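
The trade-off argued in this message, shown as an added example that is not part of the original post: a first-match walk over an edge ACL that lists permit rules reaching a supposedly private subnet and says whether that subnet is reachable from the Internet once the hole exists. The ACL syntax, the function names and the sample rules are made up for illustration; 2001:db8::/32 (documentation space) stands in for a globally routed allocation, and treating fc00::/7 as the IPv6 counterpart of RFC 1918 is an assumption of the example.

```python
import ipaddress

# RFC 1918 blocks; fc00::/7 (IPv6 ULA, RFC 4193) is included as an assumption
# of this example, the post itself only names RFC 1918.
UNROUTED = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def is_unrouted(net):
    """True if the subnet lies entirely inside address space nobody routes to."""
    return any(net.version == u.version and net.subnet_of(u) for u in UNROUTED)

def to_net(token, version):
    """Turn an ACL token into a network; 'any' means the whole address family."""
    if token == "any":
        return ipaddress.ip_network("0.0.0.0/0" if version == 4 else "::/0")
    return ipaddress.ip_network(token)

def inbound_holes(acl_text, internal):
    """First-match walk of '<permit|deny> <src> <dst>' lines (made-up syntax).
    Returns [(rule, reachable_from_internet)] for permits into `internal`."""
    internal = ipaddress.ip_network(internal)
    holes = []
    for raw in acl_text.splitlines():
        line = raw.split("#")[0].strip()
        if not line:
            continue
        action, src, dst = line.split()
        dst_net = to_net(dst, internal.version)
        if dst_net.version != internal.version or not dst_net.overlaps(internal):
            continue  # rule does not touch the subnet under review
        if action == "deny" and src == "any" and internal.subnet_of(dst_net):
            break     # blanket deny: every later rule is shadowed for this subnet
        if action == "permit":
            holes.append((line, not is_unrouted(internal)))
    return holes

# Constructed sample: a "temporary" hole that was never removed sits above the deny.
SAMPLE_ACL = """
permit 2001:db8:ffff::7 2001:db8:10::25   # patch download, meant to be temporary
deny   any 2001:db8:10::/64               # the 'private' subnet
permit any any
"""

if __name__ == "__main__":
    for rule, reachable in inbound_holes(SAMPLE_ACL, "2001:db8:10::/64"):
        print(("EXPOSED  " if reachable else "unrouted ") + rule)
```
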


