On Tue, 29 Nov 2011 03:23:04 EST, Jeff Wheeler said:
> On Tue, Nov 29, 2011 at 1:43 AM, <Valdis.Kletnieks@vt.edu> wrote:
> > It's worked for us since 1997. We've had bigger problems with IPv4 worms
>
> That's not a reason to deny that the problem exists. It's even fixable. I'd prefer that vendors fixed it *before* there were massive botnet armies with IPv6 connectivity, but in case they don't, I do not deploy /64.

Umm.. Jeff? I never *tried* to deny the problem exists. But if you have an eyeball-heavy network, it's hard to not deploy /64s (currently, we do SLAAC to get the basic config, and DNS/etc is still via dhcp4/IPv4). We just see the business danger of waiting to start deploying IPv6 till the vendors are perfect as being a bigger danger than the ND exhaustion issue. (How many years did we go with ARP and DHCP spoofing being well-known issues before vendors fixed that? Yeah, exactly.)