Last Chance Rush -- was "Five Security Flaws in IPv6"

JORDI PALET MARTINEZ jordi.palet at consulintel.es
Mon May 14 09:17:36 CEST 2007 

Exactly. This is the model that some of our big customers are using.

Dual-stack with private IPv4 in the customer end-sites LANs, IPv6-only in
all their infrastructure, dual-stack with public IPv4 in the server
LANs/data center.

A proxy/cache was already there before IPv6 was deployed, so we just turned
the proxy to allow IPv4 all the IPv4 traffic to Internet to become IPv6
inside the network. Then any IPv4 protocol that can't be proxied is
automatically tunneled via softwires (IPv4 in IPv6, across the IPv6-only
network until the connection to Internet which is also dual-stack).

At this way, you don't break applications that only work with IPv4 at the
time being, but most of your traffic becomes only IPv6.

Regards,
Jordi




> De: Gert Doering <gert at space.net>
> Responder a: <ipv6-ops-bounces+jordi.palet=consulintel.es at lists.cluenet.de>
> Fecha: Mon, 14 May 2007 09:04:33 +0200
> Para: David Conrad <david.conrad at icann.org>
> CC: Carlos Friacas <cfriacas at fccn.pt>, <ipv6-ops at lists.cluenet.de>, Mohacsi
> Janos <mohacsi at niif.hu>
> Asunto: Re: Last Chance Rush -- was "Five Security Flaws in IPv6"
> 
> Hi,
> 
> On Sun, May 13, 2007 at 10:42:25AM -0700, David Conrad wrote:
>> Get used to NAT.  Learn to love it. If you are an IPv6-only site (the
>> likelihood of which increases significantly when the IPv4 free pool
>> runs out in 20{09,10,11,12}), you are going to need v6-to-v4 NAT to
>> connect to anything useful.
> 
> Not necessarily NAT - I see this as a good place for ISPs to step
> in and provide dual-stack transition aids (web proxies, mail relays,
> recursive DNS, etc., with v4 and v6 capabilities).
> 
> Interesting enough, this can be turned around - for very large networks
> that are already using a proxy-only connection to "The Internet", it
> might be a workable solution to move to IPv6 internally, and use IPv4
> only on the external proxy...
> 
> Gert Doering
>         -- NetMaster
> -- 
> Total number of prefixes smaller than registry allocations:  113403
> 
> SpaceNet AG                        Vorstand: Sebastian v. Bomhard
> Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
> D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
> Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279




**********************************************
The IPv6 Portal: http://www.ipv6tf.org

Bye 6Bone. Hi, IPv6 !
http://www.ipv6day.org

This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.

More information about the ipv6-ops mailing list