[ipv6hackers] my IPv6 insecurity slides

Cameron Byrne cb.list6 at gmail.com
Tue Nov 29 18:13:24 CET 2011 

On Nov 29, 2011 9:03 AM, "Fabian Wenk" <fabian at wenks.ch> wrote:
>
> Hello Cameron
>
>
> On 28.11.2011 20:49, Cameron Byrne wrote:
>>>
>>>  The migration to IPv6 was probably started to late. It is basically
>>>  killed by Web2.0 (the second "new internet") and the smartphones.
>>
>>
>> trying to resist the need to send email....giving up...
>>
>> I would say the Smartphones on IPv6 are one of the reasons to go to IPv6.
>
>
> I do not know how the mobile phone data network do work in other
countries, but in Switzerland at least the major telco (Swisscom) is
running the whole mobile data network since ever behind NAT gateways with
only IPv4 available.
>

I work at mobile operator.

I have run cgn for years.

I am out of rfc1918 space.

The only path forward to number users is ipv6.

>
>> It is not servers (content) running out of IPv4 addresses that is the
>> issue.  It is that the network edge of eyeballs that is growing
>> fast... More people are coming online and more people have 2,3,4
>> devices that need IP addresses.
>
>
> They use NAT already, as for the most customers, the ISPs only assigns 1
IPv4 address to their connection. And NAT also protects the devices somehow
from the outside Internet, which the customers also does appreciate.
>
>
>> People will not go to IPv6 to access new and better content.
>>
>> People (eyeballs) will be given IPv6 addresses because IPv4 has
>> (already) run out.
>
>
> Or the ISPs start to use NAT also on their network and putting several
customers behind one NAT gateway (like they already do with mobile
internet). Sure when ISPs start using NAT at large on home internet
connections, this will cause other problems, eg. when a content provider or
web server blocks or limits access based on IP addresses in the case of
overuse / abuse.
>
>
>> Content folks will want to provide parity to IPv4, IPv6, and
>> dual-stack eyeballs, so that is why content will go to IPv6.
>
>
> Sure, content need to go dual-stacked first.
>

Major content like Google and other w6d orgs have already shown they can do
dual stack.

>
>> User go to IPv6 because they have no choice (addresses run out, many
>> people, many devices)
>
>
> But only when they get it from their ISP and everything still can be
reached. If they only get IPv6 and no IPv4 today, they will probably
complain to their ISP because they are not able to reach some major
websites which currently only run on IPv4.
>
>

Hence Nat64.

>> Content go to IPv6 to reach the users.
>
>
> It will be needed.
>
> Do not understand me wrong, I personally prefer to move forward with
IPv6. My own private systems are running dual stacked since ages, but even
there I still have services and systems / devices which do not (fully)
support IPv6 (yet).
> Currently there is nothing out there, which gives enough pressure to
content providers or / and ISPs to move forward with IPv6. At the current
point it just costs money and effort without any real benefit (without
looking at Asia). And as pointed out above, to give internet access to home
customers NAT at large could be used, as it is already in operation on the
mobile phone data network. I hope that this will not happen (as it will
also cause problems) and the ISPs will move forward with IPv6 on their end
user connections.
>
> Somehow it is like the chicken and egg question.
>

Imho, we are passed this. Or, at least my network is. Ymmv.

Cb

>
> bye
> Fabian
>
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers

More information about the Ipv6hackers mailing list