1 recommendation |
to elwoodblues
Re: Status of ipv6 with Canadian ISPsaid by elwoodblues:We wouldn't be having this discussion if the ARIN would grow a pair and start taking back the Class A addresses that companies like Apple and HP have. We would still be having this discussion; it would just be a few months later. You listed eight class A networks, but prior to the global IPv4 pool depletion in January 2011, we were burning through twenty class As per year! See the graphs here: » en.wikipedia.org/wiki/IP ··· haustion"The greatest shortcoming of the human race is our inability to understand the exponential function." - Albert A. Bartlett, physicist |
|
34764170 (banned) join:2007-09-06 Etobicoke, ON
1 recommendation |
34764170 (banned)
Member
2013-Feb-17 9:28 pm
said by paul248:We would still be having this discussion; it would just be a few months later. You listed eight class A networks, but prior to the global IPv4 pool depletion in January 2011, we were burning through twenty class As per year!
See the graphs here: »en.wikipedia.org/wiki/IP ··· haustion
"The greatest shortcoming of the human race is our inability to understand the exponential function." - Albert A. Bartlett, physicist Worrying about clawing back v4 space is so ridiculously short sighted. Even under the best circumstances that might buy no more than a year.. gimme a break. Nope. Internet is closed. You're going to have to close up shop. |
|
elwoodbluesElwood Blues Premium Member join:2006-08-30 Somewhere in |
said by 34764170:said by paul248:We would still be having this discussion; it would just be a few months later. You listed eight class A networks, but prior to the global IPv4 pool depletion in January 2011, we were burning through twenty class As per year!
See the graphs here: »en.wikipedia.org/wiki/IP ··· haustion
"The greatest shortcoming of the human race is our inability to understand the exponential function." - Albert A. Bartlett, physicist Worrying about clawing back v4 space is so ridiculously short sighted. Even under the best circumstances that might buy no more than a year.. gimme a break. Nope. Internet is closed. You're going to have to close up shop. I think we'd get more then a year out of it. Does every single device need a public IP? I know even if I had a whole mess of ip6's available to me, I wouldn't expose my devices. While i can see the advantage to that, these days, no way in hell. |
|
34764170 (banned) join:2007-09-06 Etobicoke, ON
1 recommendation |
34764170 (banned)
Member
2013-Feb-17 11:00 pm
said by elwoodblues:I think we'd get more then a year out of it. Too bad you're wrong. said by elwoodblues:Does every single device need a public IP? I know even if I had a whole mess of ip6's available to me, I wouldn't expose my devices.
While i can see the advantage to that, these days, no way in hell. No one said you have to "expose" your devices but you're given the option of doing so as you please. Lots of people want that option of being able to do so. Only people that know what they're doing should do so. CPE will not do so by default unless the user has changed the settings. |
|
elwoodbluesElwood Blues Premium Member join:2006-08-30 Somewhere in |
said by 34764170:No one said you have to "expose" your devices but you're given the option of doing so as you please. Lots of people want that option of being able to do so.
Only people that know what they're doing should do so.
What have you been smoking? Are you going to sit there and seriously tell me that you'd expose a IPv6 corporate network to the internet, "because you know what you're doing"? I know what I'm doing and and in no way in hell would I expose a home network, let alone a corporate one to the Internet. I have /28 address space at work and for us, it's perfect. |
|
34764170 (banned) join:2007-09-06 Etobicoke, ON
1 recommendation |
34764170 (banned)
Member
2013-Feb-18 4:33 pm
said by elwoodblues:What have you been smoking? Are you going to sit there and seriously tell me that you'd expose a IPv6 corporate network to the internet, "because you know what you're doing"?
I know what I'm doing and and in no way in hell would I expose a home network, let alone a corporate one to the Internet.
I have /28 address space at work and for us, it's perfect. I could say the same to you. If I need to access services provided by systems within the inside network, then yes. How am I supposed to do that without exposing them to the net? You're telling me you have never setup port forwarding for anything on your network with IPv4? |
|
|
Gami00 join:2010-03-11 Mississauga, ON |
to elwoodblues
Aren't there private blocks of IP6 as well? just like IP4?
i don't get this exposing all devices to the internet deal when it works so much similar to IP4, that all these fears and nonsense seem to be worthless. |
|
|
1 recommendation |
to elwoodblues
Just because you have a publicly routable IP address, doesn't mean that you have to disable your residential gateway's firewall. You can still get NAT levels of protection with public IPs.
You can still deny incoming connections by default, you can still set up exceptions lists, and do all those wonderful things. You just now have a unique IP in the entire world, instead of only unique within your household. No biggy. |
|
34764170 (banned) join:2007-09-06 Etobicoke, ON
1 recommendation |
to Gami00
said by Gami00:all these fears and nonsense seem to be worthless. The fears and nonsense comes from a lack of understanding of how firewalls and NAT works. |
|
SteveI know your IP address
join:2001-03-10 Tustin, CA
1 recommendation |
to elwoodblues
That's where you lost me. It's perfectly possible to run an inside network with publicly-routable IP addresses and protect it with the same firewall you use for your residential network. Many, possibly including you, confuse "NAT" with "firewall", and those who believe you can only protect with NAT are saying very clear that they do not know what they're doing. Steve |
|
elwoodbluesElwood Blues Premium Member join:2006-08-30 Somewhere in
1 recommendation |
to 34764170
I think this is where we are confused.
Yes everything I have set-up is with port forwarding. I'm getting the impression from you that with IPv6 you would just open up an entire server (and perhaps workstations) to the net, since there would such a plethora of ip space |
|
elwoodblues
1 recommendation |
to Steve
I don't confuse NAT with Firewall by any means. |
|
SteveI know your IP address
join:2001-03-10 Tustin, CA
1 recommendation |
to elwoodblues
said by elwoodblues:I think this is where we are confused. If you believe that running a standard, non-NAT, routed network is the same as being wide open to the internet, it's clearly you who are confused. It's totally possible and straightforward to set up firewall rules that don't involve NAT but still provide the same level of protection you have with your NAT at home. The thing is: It's not NAT that provide the security, it's the stateful inspection, that same inspection being part of the non-NAT firewall. Steve |
|
34764170 (banned) join:2007-09-06 Etobicoke, ON
1 recommendation |
to elwoodblues
said by elwoodblues:I think this is where we are confused.
Yes everything I have set-up is with port forwarding. I'm getting the impression from you that with IPv6 you would just open up an entire server (and perhaps workstations) to the net, since there would such a plethora of ip space No, firewalls whether in a business environment or at home should have a default block all policy. That results in having the same behaviour as NAT which "blocks" traffic since there is no mapping between the outside routable IP and inside address(es) until there is port forwarding implemented. I meant being able to apply pass/allow rules to a firewall to allow certain services to be accessible from the outside. Which is functionality equivalent as using port forwarding although with more flexibility since each device also has a routable address. |
|
1 recommendation |
to stevey_frac
said by stevey_frac:You can still get NAT levels of protection with public IPs. People who believe NAT is magically more secure simply misunderstand why it is so. Stateful firewalling is an intrinsic prerequisite to NAT: can't do NAT without stateful connection tracking to determine which packets belong to which LAN client. As you said, stateful firewall on IPv6 is every bit as secure as NAT on IPv4: incoming connections get denied by default. |
|