On Wed, Mar 09, 2022 at 09:46:41AM -0800, David Conrad wrote:
Tim,
On Mar 9, 2022, at 9:09 AM, Tim Howe <tim.h@bendtel.com> wrote:
Some of our biggest vendors who have supposedly supported v6 for over a decade have rudimentary, show-stopping bugs.
Not disagreeing (and not picking on you), but despite hearing this with some frequency, I haven't seen much data to corroborate these sorts of statements.
Fine. We could start at the top, with protocols that are defective by design, such as OSPFv3, which lack built-in authentication and rely on IPsec. That's great if you have a system where this is all tightly and neatly integrated, but smaller scale networks may be built on Linux or BSD platforms, and this can quickly turn into a trainwreck of loosely cooperating but separate subsystems, maintaining IPsec with one set of tools and the routing with another.

Or ... FreeBSD's firewall has a DEFAULT_TO_DENY option for IPv4 but not for IPv6. Perhaps not a show-stopping bug, granted. But, wait, if you really want end-to-end IPv6 (without something like NAT in between doing its "faux-firewalling") endpoints, wouldn't you really want a firewall that defaults to deny, just in case something went awry?

If I've got a gateway host that normally does stateful firewalling but it fails to load due to a typo, I'd really like it to die horribly not packet forwarding anything, because someone will then notice that. But if it fails open, that's pretty awful because it may not be noticed for months or years. So that's a show-stopper.

As exciting as it would be to go all-in on v6, it's already quite a bit of a challenge to build everything dual-stack and get to feature parity. The gratuitous differences feel like arrogant protocol developers who know what's best for you and are going to make you comply with their idea of how the world should work, complexity be damned.

I really never thought it'd be 2022 and my networks would be still heavily v4. Mind boggling.

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'" -Asimov
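
The fail-closed behaviour asked for in the message above, sketched as an added example that is not part of the thread or of any poster's setup: a loader that keeps IPv4 and IPv6 forwarding off unless the ruleset parses, loads, and the filter reports itself enabled. It assumes a FreeBSD gateway using pf with rules in /etc/pf.conf; the function names and the `--apply` argument are hypothetical.

```shell
#!/bin/sh
# Added example: fail-closed ruleset load for a dual-stack gateway.
# Assumptions: FreeBSD sysctl names, pf as the packet filter, rules in
# /etc/pf.conf. PFCTL, SYSCTL and RULES can be overridden for testing.
PFCTL=${PFCTL:-pfctl}
SYSCTL=${SYSCTL:-sysctl}
RULES=${RULES:-/etc/pf.conf}

# Set forwarding for BOTH address families; $1 is 0 (off) or 1 (on).
set_forwarding() {
    "$SYSCTL" "net.inet.ip.forwarding=$1" >/dev/null &&
        "$SYSCTL" "net.inet6.ip6.forwarding=$1" >/dev/null
}

# Returns 0 only when the ruleset is loaded and pf is enabled.
# On any failure, forwarding stays off for v4 and v6 alike.
load_ruleset_fail_closed() {
    # Start from "not forwarding" so every error path below is closed.
    set_forwarding 0 || return 2

    # -n parses the ruleset without loading it; a typo is caught here.
    if ! "$PFCTL" -nf "$RULES" >/dev/null; then
        echo "ruleset $RULES does not parse; forwarding left off" >&2
        return 1
    fi
    if ! "$PFCTL" -f "$RULES"; then
        echo "ruleset $RULES did not load; forwarding left off" >&2
        return 1
    fi
    # A loaded ruleset filters nothing if pf itself is disabled.
    if ! "$PFCTL" -s info | grep -q '^Status: Enabled'; then
        echo "pf is not enabled; forwarding left off" >&2
        return 1
    fi

    # Only now is it safe to route packets.
    set_forwarding 1 || return 2
}

# Stand-alone use: sh this-script --apply
if [ "${1:-}" = "--apply" ]; then
    load_ruleset_fail_closed
fi
```

For this to hold across a reboot, forwarding must also be left disabled in the boot-time configuration so that this script is the only thing that turns it on.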