Mailinglist Archive: opensuse (1837 mails)

< Previous Next >
Re: [opensuse] Moving to IPv6
  • From: Adam Tauno Williams <awilliam@xxxxxxxxxxxxx>
  • Date: Thu, 09 Sep 2010 06:24:54 -0400
  • Message-id: <1284027894.16809.22.camel@xxxxxxxxxxxxxxx>
On Wed, 2010-09-08 at 12:54 -0700, John Andersen wrote:
On 9/8/2010 10:12 AM, James Knott wrote:
Ilya Chernykh wrote:
They say not in plans.
First most big campus organizations would RATHER be behind a NAT (ipv4
or ipv6), and are actually
selling off address blocks they once owned. That frees up ipv4 blocks.

I know, as profession sys-admin, I look *forward* to our campus no
longer being behind NAT. [NAT is *NOT* a security measure, just use
firewalls - much easier to manage]. So many nagging issues will just
evaporate.

Second, most organizations are far from ready, although some are more
ready than they know
since windows and linux and mac(i think) have been shipping IPv6
stacks for some time now.

It is actually funny. I've been to a couple organizations where I can
move around their network via IPv6 and they didn't even know it. And
their oblivious firewalls don't do anything to protect them. They
aren't ready in a very special kind of way - their security is
essentially broken. All because they aren't "ready" to support IPv6.

There are a lot of devices (printers, print controllers, cams, NAS,
phones, etc) lurking
about about on ipv4 which force you to run an ipv4 network internally
anyway.

So? Continue to support IPv4; we will be dual-stack for a decade.

And you might be surprised; when we did our device survey [as a clunky
old rust-belt industry] things actually turned out pretty good.

Major firewall components and router could not handle ipv6 till
about/after 2005,
(netfilter didn't even handle ipv6 till about that time). Lots of
these are still in production in home routers.

The latest DOCSIS standards *mandate* IPv6. Your recent cable/DSL
supports IPv6. Or your provider will be replacing it soon - in order to
provide higher speeds and more manageability. Then IPv6 support is
there.

There is just tons of software that needs to use or keep track of IPs
that simply is not ready.

There is a lot; I don't know about 'tons'. Most software doesn't care.
I think there is very little software that "needs to use or keep track
of IPs". In our entire stack I think we located two applications that
didn't work with IPv6. One of those was very easily fixed [typically IP
addresses end up getting stored as strings, make the string field
longer, recompile, works].

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
This Thread