Thoughts about ipv6 white listing

George Bonser gbonser at seven.com
Sun Dec 5 01:41:02 CET 2010


> > Also, this gets rolled out for one client network at a time, not
> > globally.
>
> i see - so this isn't really on the Internet at all. this is a
> series of closed user groups... in which case, you are able to
> absolutely assure yourself of the accuracy of your assumptions.
> Not all of us have such luxury. And $deity help you when you get
> around to hooking these up to the Internet.
>
> --bill

Correct.  In this case I am working first with the "known quantities",
not with the unknown.  Get the known quantities migrated to v6 where
performance can be accurately monitored and verified.  This would be
akin to Google or Yahoo rolling out AAAA resources to direct peers
first, before rolling it out to the general Internet.  These would
account for about 90% of the connections to us though only about 15% of
the traffic as measured in bytes moved.

It actually *is* a form of white listing because in my specific case,
different remote networks connect to different resources on my end and I
can control them individually.

But even in the case of a global resource, I believe I can shrink that
0.078% to something much smaller (and likely tolerable) if I only hand
out AAAA records where the requests arrive over v6 but that will be
something that will need to be monitored and measured to see if that is
actually the case.  In other words, I would like to see a statistical
breakdown of how that 0.078% requested resources.  How many of the ones
requesting an AAAA over v4 had problems vs. how many requesting an AAAA
resource over v6 had problems.  My gut instinct is that those two
numbers differ though I have no empirical numbers to validate that.
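
The breakdown asked for above can be computed as a two-proportion z-test on breakage rates, split by the transport the AAAA query arrived over. This is an added example, not part of the original post. The record format (`<transport> <outcome>`) and the 700/80 split are constructed assumptions, chosen only so that the overall rate equals the 0.078% quoted in the thread.

```python
import math
from collections import Counter
from itertools import chain, repeat

def tally(lines):
    """Count sessions and broken sessions per transport the AAAA query used."""
    total, broken = Counter(), Counter()
    for line in lines:
        parts = line.split()
        if (len(parts) != 2 or parts[0] not in ("v4", "v6")
                or parts[1] not in ("ok", "broken")):
            continue  # skip malformed records
        total[parts[0]] += 1
        broken[parts[0]] += parts[1] == "broken"
    return total, broken

def compare(lines):
    """Two-proportion z-test: breakage when AAAA was asked over v4 vs over v6."""
    total, broken = tally(lines)
    n4, n6 = total["v4"], total["v6"]
    if n4 == 0 or n6 == 0:
        raise ValueError("need sessions from both transports")
    r4, r6 = broken["v4"] / n4, broken["v6"] / n6
    pooled = (broken["v4"] + broken["v6"]) / (n4 + n6)
    se = math.sqrt(pooled * (1 - pooled) * (1 / n4 + 1 / n6))
    z = (r4 - r6) / se if se else 0.0      # se is 0 when nothing (or all) broke
    p = math.erfc(abs(z) / math.sqrt(2))   # two-sided p-value
    return {"rate_v4": r4, "rate_v6": r6, "overall": pooled, "z": z, "p": p}

def constructed_sample():
    """Constructed data, not measurements: 780 broken in 1,000,000 sessions."""
    return chain(repeat("v4 broken", 700), repeat("v4 ok", 599_300),
                 repeat("v6 broken", 80), repeat("v6 ok", 399_920))

if __name__ == "__main__":
    for key, value in compare(constructed_sample()).items():
        print(f"{key:8s} {value:.6g}")
```
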
