Re: [v6ops] Please review the No IPv4 draft
Nick Hilliard <nick@foobar.org> Tue, 29 April 2014 21:39 UTC
Return-Path: <nick@foobar.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F182F1A0950 for <v6ops@ietfa.amsl.com>; Tue, 29 Apr 2014 14:39:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X2dtxTonABZo for <v6ops@ietfa.amsl.com>; Tue, 29 Apr 2014 14:38:58 -0700 (PDT)
Received: from mail.netability.ie (mail.netability.ie [IPv6:2a03:8900:0:100::5]) by ietfa.amsl.com (Postfix) with ESMTP id 6F4B11A0957 for <v6ops@ietf.org>; Tue, 29 Apr 2014 14:38:57 -0700 (PDT)
X-Envelope-To: v6ops@ietf.org
Received: from cupcake.foobar.org ([IPv6:2001:4d68:2002:100::110]) (authenticated bits=0) by mail.netability.ie (8.14.8/8.14.5) with ESMTP id s3TLcrCN075190 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Tue, 29 Apr 2014 22:38:54 +0100 (IST) (envelope-from nick@foobar.org)
X-Authentication-Warning: cheesecake.netability.ie: Host [IPv6:2001:4d68:2002:100::110] claimed to be cupcake.foobar.org
Message-ID: <53601BED.4050200@foobar.org>
Date: Tue, 29 Apr 2014 22:38:53 +0100
From: Nick Hilliard <nick@foobar.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Ted Lemon <ted.lemon@nominum.com>
References: <9B4139A3-77F7-4109-93AD-A822395E5007@nominum.com> <m24n1l8i1a.wl%Niall.oReilly@ucd.ie> <3BA3E5A3-4385-43CE-B73F-A0686AA31B4E@nominum.com> <m238gxpgrt.wl%Niall.oReilly@ucd.ie> <73221D87-5F50-4689-AA42-553AF757ABF5@nominum.com> <m2mwf59uht.wl%Niall.oReilly@ucd.ie> <7310412C-64E9-4A11-9812-92A969082131@nominum.com> <20140428190804.GK43641@Space.Net> <446A720E-1128-4FFF-BB3B-780EACA9610B@nominum.com> <535EBC20.10900@foobar.org> <20140428213045.GL511@havarti.local> <19B5B5AB-FF86-408B-8E73-D5350853965B@foobar.org> <3563D9EE-CD40-4E75-A1CB-C3FB50EEEBC4@nominum.com> <535F3624.4020801@foobar.org> <alpine.DEB.2.02.1404290726011.29282@uplift.swm.pp.se> <535F3A8C.2050902@foobar.org> <E68028C1-2E6D-4D07-A113-60757457E286@nominum.com> <535F99A9.3030402@foobar.org> <0C03200E-B349-44D4-BE3F-512AD6A7A417@nominum.com> <535FCB2C.3030502@foobar.org> <8DB83B3D-D09C-4977-9B4F-75EA2DD3B71D@nominum.com>
In-Reply-To: <8DB83B3D-D09C-4977-9B4F-75EA2DD3B71D@nominum.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/g7LskhSoVeuTN8xTurI7r4cSVXg
Cc: "v6ops@ietf.org WG" <v6ops@ietf.org>
Subject: Re: [v6ops] Please review the No IPv4 draft
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Apr 2014 21:39:03 -0000
On 29/04/2014 17:08, Ted Lemon wrote: > It also doesn't establish it. That was what I was asking for earlier. > I think that if there is a serious gap here, the working group should > consider that. But we haven't actually established that such a gap > exists. My intuition is that you may be right about this, but I'd like > to go on more than intuition. there are three issues here: 1. how much kit out there that doesn't support ra guard / dhcpv6 snooping or basic ipv6 acls on l2 ports, 2. for the kit that does support these features, how good is that support and 3. how important this is to the noipv4 proposal. #1 is highly platform specific and depends on both hardware and software support. e.g. Cisco Nexus 3000 doesn't support ipv6 acls on L2 ports. cisco nexus 1000v doesn't support ipv6 acls at all. Cisco 6500 boxes support ra guard but not dhcpv6 guard. Brocade ironware boxes will support IPv6 ACLs, but can only install them on L2 ports on certain platforms, and even then only if you don't have mac filters installed on those ports. Same mac||ip filter problem on netiron s/w. #2 is complicated enough that Fernando Gont wrote an ID on the topic. Many platforms are subject to the sort of fragmentation / extension header evasion techniques that Fernando describes. The only switch which I've heard to support ra guard for difficult packets is the windows hyperv soft-switch. Hardware forwarded switches seem to be particularly prone to the problem #3: the ietf is fully within remit to write this off as an operational issue and not a protocol problem, and that if your ipv6 first hop security mechanism is broken, then you have bigger problems. While this is undoubtedly true, the draft will create the requirement for all networks - including legacy ones - to protect against rogue RA / DHCPv6 packets because otherwise you could find that newer clients on unprotected legacy networks would be susceptible to having their ipv4 stacks shut down if someone with a sense of humour starts playing around. #3 means that the network operator must be trusted. I don't trust many of the networks that I connect to because sometimes operators and other agents are malicious and I expect my phone / laptop / etc not to be particularly interfered with by their malice. The level of policy interference from this ID is very large indeed. Nick
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Matthew Petach
- [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Philip Homburg
- Re: [v6ops] Please review the No IPv4 draft Matthew Petach
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Gert Doering
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Gert Doering
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft George, Wes
- Re: [v6ops] Please review the No IPv4 draft Ray Hunter
- Re: [v6ops] Please review the No IPv4 draft Bernie Volz (volz)
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Bernie Volz (volz)
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Lorenzo Colitti
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Ray Hunter
- Re: [v6ops] Please review the No IPv4 draft Mikael Abrahamsson
- Re: [v6ops] Please review the No IPv4 draft Niall O'Reilly
- Re: [v6ops] Please review the No IPv4 draft Mikael Abrahamsson
- Re: [v6ops] Please review the No IPv4 draft Gert Doering
- Re: [v6ops] Please review the No IPv4 draft Gert Doering
- Re: [v6ops] Please review the No IPv4 draft Mikael Abrahamsson
- Re: [v6ops] Please review the No IPv4 draft Tina TSOU
- Re: [v6ops] Please review the No IPv4 draft Mikael Abrahamsson
- Re: [v6ops] Please review the No IPv4 draft Gert Doering
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Ray Hunter
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Dale W. Carder
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Bernie Volz (volz)
- Re: [v6ops] Please review the No IPv4 draft Bernie Volz (volz)
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Matthew Petach
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] [homenet] Please review the No IPv4 d… Michael Richardson
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Ray Hunter
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Karsten Thomann
- Re: [v6ops] Please review the No IPv4 draft George, Wes
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft George, Wes
- Re: [v6ops] Please review the No IPv4 draft Karsten Thomann
- Re: [v6ops] Please review the No IPv4 draft George, Wes
- Re: [v6ops] Please review the No IPv4 draft Bernie Volz (volz)
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Ray Hunter
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Lorenzo Colitti
- Re: [v6ops] Please review the No IPv4 draft Mikael Abrahamsson
- Re: [v6ops] Please review the No IPv4 draft Lorenzo Colitti
- Re: [v6ops] Please review the No IPv4 draft Mikael Abrahamsson
- Re: [v6ops] Please review the No IPv4 draft Philip Homburg
- Re: [v6ops] Please review the No IPv4 draft Brian Haberman
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Dale W. Carder
- Re: [v6ops] Please review the No IPv4 draft Lorenzo Colitti
- Re: [v6ops] Please review the No IPv4 draft Dale W. Carder
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Dale W. Carder
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Philip Homburg
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Bernie Volz (volz)
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Bernie Volz (volz)
- Re: [v6ops] Please review the No IPv4 draft Tom Taylor
- Re: [v6ops] Please review the No IPv4 draft Mikael Abrahamsson
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Ray Hunter
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Lorenzo Colitti
- Re: [v6ops] Please review the No IPv4 draft Lorenzo Colitti
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Mikael Abrahamsson
- Re: [v6ops] Please review the No IPv4 draft Lorenzo Colitti
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft George, Wes
- Re: [v6ops] Please review the No IPv4 draft Mikael Abrahamsson
- Re: [v6ops] Please review the No IPv4 draft Dale W. Carder
- Re: [v6ops] Please review the No IPv4 draft Dale W. Carder
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Ray Hunter
- Re: [v6ops] Please review the No IPv4 draft Gert Doering
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Lorenzo Colitti
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Matthew Petach
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft George, Wes
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Philip Homburg
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Philip Homburg
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Lorenzo Colitti
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Niall O'Reilly
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Philip Homburg
- Re: [v6ops] Please review the No IPv4 draft Owen DeLong
- Re: [v6ops] Please review the No IPv4 draft Simon Perreault
- Re: [v6ops] Please review the No IPv4 draft Niall O'Reilly
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Niall O'Reilly
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Gert Doering
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Sander Steffann
- Re: [v6ops] Please review the No IPv4 draft Dale W. Carder
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Mikael Abrahamsson
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Sander Steffann
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Mikael Abrahamsson
- Re: [v6ops] Please review the No IPv4 draft Lorenzo Colitti
- Re: [v6ops] Please review the No IPv4 draft Doug Barton
- Re: [v6ops] Please review the No IPv4 draft Fernando Gont
- Re: [v6ops] Please review the No IPv4 draft Lorenzo Colitti
- Re: [v6ops] Please review the No IPv4 draft Sander Steffann
- Re: [v6ops] Please review the No IPv4 draft Mikael Abrahamsson
- Re: [v6ops] Please review the No IPv4 draft Sander Steffann
- Re: [v6ops] Please review the No IPv4 draft Nick Hilliard
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Mikael Abrahamsson
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Fernando Gont
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Doug Barton
- [v6ops] Hey guys, was Re: Please review the No IP… joel jaeggli
- Re: [v6ops] Please review the No IPv4 draft Ted Lemon
- Re: [v6ops] Please review the No IPv4 draft Doug Barton