Fwd: Interesting problems with using IPv6
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 There's been a lot of on-and-off discussion about v6, especially about security and operational concerns about some aspects of IPv6 deployment, specifically regarding neighbor discovery (although there are other operational security concerns, as well). I'd like to provide this as an example of those concerns, without any additional commentary. :-) See also: http://www.ietf.org/mail-archive/web/ietf/current/msg89517.html Cheers, - - ferg - -------- Forwarded Message -------- Subject: Interesting problems with using IPv6 Date: Sun, 7 Sep 2014 09:28:45 +0000 From: l.wood@surrey.ac.uk To: ietf@ietf.org http://blog.bimajority.org/2014/09/05/the-network-nightmare-that-ate-my-week... Interesting scaling concerns... Lloyd Wood http://about.me/lloydwood [end] - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iF4EAREIAAYFAlQMeq4ACgkQKJasdVTchbJVuAD/d8qvCrOAr9UswM+9YQaOyTNQ btFUX/1sRImNCcqkIpkA/RdQUhLE5TkmSlULZZ6A5wgsLDE8byukz8O318715kW+ =chES -----END PGP SIGNATURE-----
On Sep 7, 2014 8:35 AM, "Paul Ferguson" <fergdawgster@mykolab.com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
There's been a lot of on-and-off discussion about v6, especially about security and operational concerns about some aspects of IPv6 deployment, specifically regarding neighbor discovery (although there are other operational security concerns, as well).
I'd like to provide this as an example of those concerns, without any additional commentary. :-)
See also:
http://www.ietf.org/mail-archive/web/ietf/current/msg89517.html
ietf@... Yawn.
Cheers,
- - ferg
Ferg, What's your point? Is it that ip networks fail? There are decades of mailing lists archives at nanog and others that have the same thing -- 1) stressed out ops guy 2) buggy code (tac says need to load latest code as first step) 3) L2 mess -- most of those examples of epic failure are ipv4 related, but many are just ethernet fails. If your point is that IPv6 cannot be deployed at scale, i have a list of meaningful counter examples where in fact it does work. And as already mention, the mailing list archive at nanog and others is full of folks with poor design or gear. There are various docs that try to help folks deploy networks well. https://tools.ietf.org/html/draft-ietf-v6ops-enterprise-incremental-ipv6-06 CB
- -------- Forwarded Message -------- Subject: Interesting problems with using IPv6 Date: Sun, 7 Sep 2014 09:28:45 +0000 From: l.wood@surrey.ac.uk To: ietf@ietf.org
http://blog.bimajority.org/2014/09/05/the-network-nightmare-that-ate-my-week...
Interesting scaling concerns...
Lloyd Wood http://about.me/lloydwood
[end]
- -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32)
iF4EAREIAAYFAlQMeq4ACgkQKJasdVTchbJVuAD/d8qvCrOAr9UswM+9YQaOyTNQ btFUX/1sRImNCcqkIpkA/RdQUhLE5TkmSlULZZ6A5wgsLDE8byukz8O318715kW+ =chES -----END PGP SIGNATURE-----
There are decades of mailing lists archives at nanog and others that have the same thing -- 1) stressed out ops guy 2) buggy code (tac says need to load latest code as first step) 3) L2 mess -- most of those examples of epic failure are ipv4 related, but many are just ethernet fails.
If your point is that IPv6 cannot be deployed at scale, i have a list of meaningful counter examples where in fact it does work.
And as already mention, the mailing list archive at nanog and others is full of folks with poor design or gear.
Did you actually read the whole story? Did you read Jeff Wheeler's presentation, referenced in the comment? http://inconcepts.biz/~jsw/ipv6_nd_problems_with_l2_mcast.pdf Steinar Haug, AS 2116
participants (3)
-
Ca By -
Paul Ferguson -
sthaugļ¼ nethelp.no