[ipv6-wg] Last call on the replacement of ripe-501 "Requirementsfor IPv6 in ICT equipment"
Eric Vyncke (evyncke) evyncke at cisco.com
Tue Oct 25 15:45:14 CEST 2011
A couple of late comments: - for host: I am not sure whether IKE/IPsec should be mandatory, this is not always the case NOW and the IETF intends to move this requirement to SHOULD rather than MUST - for host: I would add 'support ingress traffic filters if ingress traffic filters exist for IPv4' - consumer grade switches: AFAIK, those cheap switches do not support IGMP snooping, so, why mandating MLD snooping? - router and RFC 4213, only the dual-stack part should be supported (as none of us (?) loves tunnels), then the point after (IPsec for tunnels) becomes irrelevant as well as RFC 2473 - router: I would regroup MLD related in one line RFC 4541 (only when switching is implemented as it has no sense for a pure layer-3) and RFC 3810 - router: do we want to have privacy extension for routers as well? Even as an option? - router: I would move the /127 to the mandatory part - router: can we mandate the uRPF function (anti-spoofing?) - firewall & co: I would not mandate (optional is ok of course) to inspect protocol-41 packets for tunnels (because what about teredo? Or any other covert channels) - firewall & co: support of RFC 4213 should be mandatory for the dual-stack part, I cannot imagine having a firewall doing encapsulation (option ok of course) - firewall: mandatory stateful inspection of application traffic transported above IPv6 is the same application is inspected over IPv4 - load balancers: I would put perhaps a gradation in the different 4-6 6-4 load-balancing - load balancers: I fail to see why ISAKMP should be mandatory esp. when IPsec is optional :-) Hope this helps even if a little late... -éric > -----Original Message----- > From: ipv6-wg-bounces at ripe.net [mailto:ipv6-wg-bounces at ripe.net] On Behalf > Of Marco Hogewoning > Sent: jeudi 13 octobre 2011 11:16 > To: ipv6-wg at ripe.net > Subject: [ipv6-wg] Last call on the replacement of ripe-501 "Requirementsfor > IPv6 in ICT equipment" > > Dear colleagues, > > Following up on feedback received from the community during and after the > publication of the ripe-501. The authors have worked on a replacement > document, incorporating suggestions made by the community and clarifying > some of the requirements. Prior draft versions of this document have been > posted to this mailing list in the past months. > > The resulting final draft document is now published on the website and > reachable via https://www.ripe.net/ripe/docs/other-documents/requirements- > for-ipv6-in-ict-equipment > > We would like the community to review this document. Although this is not a > formal policy proposal, we would like to issue a 4 week working group last > call on this draft before publication. > > Minor changes like typos or formatting can be sent to the authors or to me > directly. Please raise any questions or comments on the content to this > list. Unless blocking issues are found on this text, it is our intent to > publish this draft as a RIPE Document and to change the status of the > current document ripe-501 to obsolete, with a reference to the new document. > > The authors will also present on this draft during the IPv6 working group > session at the Vienna meeting. > > Please send any comments before Thursday November 10 2011, which is 4 weeks > from now. > > Regards, > > Marco Hogewoning > on behalf of the IPv6 Working Group chairs
[ ipv6-wg Archives ]