Lew Wolfgang wrote:
Then, there's added complexity at the user level. I'm thinking mainly of the requirement to run dual-stacked networks because not all hardware is v6 compatible. I'm sure that things will eventually get better when absolutely everything handles v6, but until then simplicity lives in the v4 natted world. Security is inversely proportional to Complexity, and dual stacked networks increase complexity.
Okay, yes, that dual-stack could be seen as added complexity. I guess I was thinking more of the IPv6 protocol than the infrastructure, but it does make more sense to look at the overall picture. [snip]
This dialog caused me to check to see if my ISP even offers v6, they do! And so does the Zyxel. All I have to do is click a check box to turn on v6. I was tempted to do that this past weekend, but then reality started to sink in when I thought about all my devices having direct connection to the Internet. The ACL's between my segments might work, but they'd certainly have to be tested, and I didn't want to take the time to get started. I might also bork The Fetching Mrs. Wolfgang's Tivo connection, and that just wouldn't do. I've been working in IT and networking for decades, and I still claim to be ignorant of many things. How would Joe Six-pack or Grandma Noodle-Soup handle setting up their home v4/v6 dual stacked network?
Without great fanfare I suspect. The provider would take care of it, just as they did for IPv4. I see no reason why they shouldn't. Surely this is the typical firewall config in any average xDSL modem/router : IPv4+NAT - all inbound ports blocked, only locally initiated traffic allowed. To enable external access to a service, you need to configure port forwarding. (send port 80 to address 192.168.77.123). IPv6 - all inbound ports blocked, only locally initiated traffic allowed. To enable external access to a host/service, you need to open an address::port combo. (allow port 80 for 2001:db8:1711:45) Did I miss something? -- Per Jessen, Zürich (27.0°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org