RIPE Community Mail Archives

you are here: RIPE -> RIPE Maillists > Archives

	About RIPE Maillists
	Maillists Archive
	Global Lists
	Non Active Lists

<<< Chronological >>>

Author Index Subject Index

<<< Threads >>>

[address-policy-wg] Re: [ppml] article about IPv6 vs firewalls vs NAT in arstechnica (seen on slashdot)

To: Tony Hain alh-ietf@localhost
From: "william(at)elan.net" william@localhost
Date: Fri, 11 May 2007 00:03:08 -0700 (PDT)
Cc: vixie@localhost, ppml@localhost, address-policy-wg@localhost


I don't understand your point about why ULA need to be registered if
its not going to be globally routed. Also PI is not the same as ULA -
PI do come from RIRs and in IPv6 there was no way to get PI (except
in a few special cases) until recent ARIN's micro-allocation policy.

On Fri, 11 May 2007, Tony Hain wrote:

I agree that this will help inform the debate, and while Iljitsch did a good
job of outlining the issue, he left out a significant point:::
People explicitly chose to be in the state of "as there is currently no
obvious way to make services only available locally" by insisting that the
local-scope addressing range have a global-scope as far as application
developers were concerned. Now the application developers are complaining
about the consequences of their choice, because the alternative to 'no
routing path for an attack' is to insert a device that has to make policy
decisions with limited information.

The current ULA-central discussions will be directly involved in this issue.
It is critical that all of the RIR's have policies establishing a mechanism
for registering ULA-central prefixes & PI. For those who don't recall, the
reason ULA-central was tabled was that it was seen as a potential end-run to
acquire PI space in the absence of appropriate policy to do so out of a
range recognized for global routing.

The need for keeping some things local while others are global is real, and
the lack of appropriate mechanisms to accomplish that through the routing
system that is designed to deal with path selection leads to entire
industries for fragile work-arounds along with their increased complexity.

Tony

-----Original Message-----
From: ppml-bounces@localhost [	    

] On Behalf Of
vixie@localhost
Sent: Thursday, May 10, 2007 9:59 PM
To: ppml@localhost
Subject: [ppml] article about IPv6 vs firewalls vs NAT in arstechnica
(seen on slashdot)

i think that this article will help inform the debate around the ipv6
transition:

http://arstechnica.com/articles/paedia/ipv6-firewall-mixed-blessing.ars
_______________________________________________
This message sent to you through the ARIN Public Policy Mailing List
(PPML@localhost).
Manage your mailing list subscription at:
http://lists.arin.net/mailman/listinfo/ppml


_______________________________________________
This message sent to you through the ARIN Public Policy Mailing List
(PPML@localhost).
Manage your mailing list subscription at:
http://lists.arin.net/mailman/listinfo/ppml

[address-policy-wg] Re: [ppml] article about IPv6 vs firewalls vs NAT in arstechnica (seen on slashdot)
- From: JORDI PALET MARTINEZ
[address-policy-wg] Re: [ppml] article about IPv6 vs firewalls vs NAT in arstechnica (seen on slashdot)
- From: Owen DeLong
[address-policy-wg] RE: [ppml] article about IPv6 vs firewalls vs NAT in arstechnica (seen on slashdot)
- From: michael.dillon

[address-policy-wg] RE: [ppml] article about IPv6 vs firewalls vs NAT in arstechnica (seen on slashdot)
- From: Tony Hain

<<< Chronological >>>

Author Subject

<<< Threads >>>


	About RIPE \| Site Map \| LIR Portal \| About the RIPE NCC \| Contact \| Copyright Statement