Re: [v6ops] draft-ietf-v6ops-enterprise-incremental-ipv6 WGLC
Mark Andrews <marka@isc.org> Tue, 13 August 2013 03:50 UTC
Return-Path: <marka@isc.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3E8111E8122 for <v6ops@ietfa.amsl.com>; Mon, 12 Aug 2013 20:50:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dSDxU8yfn3ll for <v6ops@ietfa.amsl.com>; Mon, 12 Aug 2013 20:50:50 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) by ietfa.amsl.com (Postfix) with ESMTP id 19FEE11E8118 for <v6ops@ietf.org>; Mon, 12 Aug 2013 20:50:45 -0700 (PDT)
Received: from mx.pao1.isc.org (localhost [127.0.0.1]) by mx.pao1.isc.org (Postfix) with ESMTP id D3BA9C941E; Tue, 13 Aug 2013 03:50:31 +0000 (UTC) (envelope-from marka@isc.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isc.org; s=dkim2012; t=1376365845; bh=pE4EeBFtZHkOhWwy3JdCZ/MjqmdCnEgtZqBpXU/9k60=; h=To:Cc:From:References:Subject:In-reply-to:Date; b=hpZJxCs6PY4hxK4JeTHUHsXZQHwNmMay7otZoY0MWMMkggcilNyaBunqCHfkJRMdq LoQeadSq6rCB+tDqClTbSaQTb8B6KzU9Ma+lWv8FCHqtx9RXr92I2nWDjb6VyDbP1h Q5fx9MwpNUon/OE2UgFveYbuIGgfeTHACl9LqVlo=
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) by mx.pao1.isc.org (Postfix) with ESMTP; Tue, 13 Aug 2013 03:50:31 +0000 (UTC) (envelope-from marka@isc.org)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 459D0160436; Tue, 13 Aug 2013 03:55:12 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id BTywuVkLLaW2; Tue, 13 Aug 2013 03:55:12 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id EAF65160435; Tue, 13 Aug 2013 03:55:11 +0000 (UTC)
Received: from drugs.dv.isc.org (c211-30-183-50.carlnfd1.nsw.optusnet.com.au [211.30.183.50]) by zmx1.isc.org (Postfix) with ESMTPSA id BC83216032F; Tue, 13 Aug 2013 03:55:11 +0000 (UTC)
Received: from drugs.dv.isc.org (localhost [IPv6:::1]) by drugs.dv.isc.org (Postfix) with ESMTP id 284513846C3D; Tue, 13 Aug 2013 12:34:17 +1000 (EST)
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
From: Mark Andrews <marka@isc.org>
References: <201308041800.r74I03pC023049@irp-view13.cisco.com> <3374_1375690984_51FF60E8_3374_427_1_983A1D8DA0DA5F4EB747BF34CBEE5CD15C5041E1E5@PUEXCB1C.nanterre.francetelecom.fr> <8C48B86A895913448548E6D15DA7553B96E2C5@xmb-rcd-x09.cisco.com> <CAKD1Yr13GK_cuvkt2LpJ1qJo2NR8eUnY-xfwMF_zWfe0P1mm9g@mail.gmail.com> <8C48B86A895913448548E6D15DA7553B96EAE7@xmb-rcd-x09.cisco.com> <CAKD1Yr2_d=4uD1W4WcQ82rupjVJ4UmmQAQmtSY+aQgTXmscNUw@mail.gmail.com> <97EB7536A2B2C549846804BBF3FD47E113128FA2@xmb-aln-x02.cisco.com> <CA6D42D0F8A41948AEB3864480C554F104AE7A3F@xmb-rcd-x10.cisco.com> <C00B4018-6FEE-441C-B807-B1126101CE6D@delong.com> <CA6D42D0F8A41948AEB3864480C554F104AEAABE@xmb-rcd-x10.cisco.com> <520945FF.4000700@gmail.com>
In-reply-to: Your message of "Tue, 13 Aug 2013 08:30:55 +1200." <520945FF.4000700@gmail.com>
Date: Tue, 13 Aug 2013 12:34:17 +1000
Message-Id: <20130813023417.284513846C3D@drugs.dv.isc.org>
X-DCC--Metrics: post.isc.org; whitelist
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] draft-ietf-v6ops-enterprise-incremental-ipv6 WGLC
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Aug 2013 03:50:55 -0000
In message <520945FF.4000700@gmail.com>, Brian E Carpenter writes: > On 12/08/2013 17:27, Arie Vayner (avayner) wrote: > > Owen, > > > > While the arguments about moving the firewalls closer to the users are valid they are often are not practical (or at least the cus > tomers I worked with would not implement this option). > > Imagine an enterprise network with 300 spoke sites, but only 2 or 3 Internet gateway locations (with some private WAN in between). > > Moving the firewalls to the spoke sites would increase the number of firewalls from ~3 to ~300 (I am ignoring redundancy and scale > for a second)... This is a major CAPEX and OPEX impact... > > Clearly DOS and scanning protection has to be done as close to the Internet > border routers as possible, and there your logic applies. > > However, as Steve Bellovin pointed out many years ago, the best number of > firewalls for upper layer protection is one per host, which scales nicely > and has less CAPEX and OPEX than middlebox firewalls will ever have. > > Not that I see any of this argument as relevant to the IP version number. > > Brian IP version number brings with it a different set of minimums that nodes / hosts have or should have if the manufacturers were paying attention as we learnt how not to do thing in IPv4. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- [v6ops] draft-ietf-v6ops-enterprise-incremental-i… Fred Baker
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Erik Kline
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… christian.jacquenet
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Victor Kuarsingh
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Fred Baker (fred)
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Templin, Fred L
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Ray Hunter
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Mark ZZZ Smith
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Mark ZZZ Smith
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Fred Baker (fred)
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Brian E Carpenter
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Fred Baker (fred)
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Victor Kuarsingh
- Re: [v6ops] IPv6-only section [draft-ietf-v6ops-e… cb.list6
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Victor Kuarsingh
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Lorenzo Colitti
- [v6ops] IPv6-only section [draft-ietf-v6ops-enter… Brian E Carpenter
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Martin Millnert
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Eric Vyncke (evyncke)
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Eric Vyncke (evyncke)
- Re: [v6ops] IPv6-only section [draft-ietf-v6ops-e… Brian E Carpenter
- Re: [v6ops] IPv6-only section [draft-ietf-v6ops-e… joel jaeggli
- Re: [v6ops] IPv6-only section [draft-ietf-v6ops-e… cb.list6
- Re: [v6ops] IPv6-only section [draft-ietf-v6ops-e… Erik Nygren
- Re: [v6ops] IPv6-only section [draft-ietf-v6ops-e… Ray Hunter
- Re: [v6ops] IPv6-only section [draft-ietf-v6ops-e… cb.list6
- Re: [v6ops] IPv6-only section [draft-ietf-v6ops-e… Gert Doering
- Re: [v6ops] IPv6-only section [draft-ietf-v6ops-e… Ray Hunter
- Re: [v6ops] IPv6-only section [draft-ietf-v6ops-e… Tore Anderson
- Re: [v6ops] IPv6-only section [draft-ietf-v6ops-e… Gert Doering
- Re: [v6ops] IPv6-only section [draft-ietf-v6ops-e… Owen DeLong
- Re: [v6ops] IPv6-only section [draft-ietf-v6ops-e… Fred Baker (fred)
- Re: [v6ops] IPv6-only section [draft-ietf-v6ops-e… Ray Hunter
- Re: [v6ops] IPv6-only section [draft-ietf-v6ops-e… Brian E Carpenter
- Re: [v6ops] IPv6-only section [draft-ietf-v6ops-e… Gert Doering
- Re: [v6ops] IPv6-only section [draft-ietf-v6ops-e… Tom Perrine
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Arie Vayner (avayner)
- Re: [v6ops] IPv6-only section [draft-ietf-v6ops-e… Ray Hunter
- Re: [v6ops] IPv6-only section [draft-ietf-v6ops-e… Gert Doering
- Re: [v6ops] IPv6-only section [draft-ietf-v6ops-e… Ray Hunter
- Re: [v6ops] IPv6-only section [draft-ietf-v6ops-e… Owen DeLong
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Owen DeLong
- [v6ops] draft-ietf-v6ops-enterprise-incremental-i… Fred Baker
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Arie Vayner (avayner)
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Owen DeLong
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Arie Vayner (avayner)
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Brian E Carpenter
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Mark Andrews
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Lorenzo Colitti
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Mark ZZZ Smith
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Eric Vyncke (evyncke)
- Re: [v6ops] IPv6-only section [draft-ietf-v6ops-e… Eric Vyncke (evyncke)
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Eric Vyncke (evyncke)
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Fred Baker (fred)
- Re: [v6ops] draft-ietf-v6ops-enterprise-increment… Tom Perrine