[ipv6hackers] IPv6 security (slides and training)

fred bovy fred at fredbovy.com
Fri Nov 11 13:21:38 CET 2011

I can see many good reason for an enterprise moving to IPv6

The new connected enterprises which don(t own a large IPv4 block of
addresses will have no choice than deploying IPv6.

So you will have two Internet, the old IPv4 internet with people who want
to stick with IPv4 and the new connected with IPv6.

Do you think that even if we setup some translation between the IPv4 and
the IPv6 wold, this will scale to provide seamless connectivity between
the two Internet?

I think that the IPv4 folks will quickly have problems communicating with
their partners and customers running IPv6.
Most of the applications on the Internet are Real-Time applications. Video
is #1 but there is also VoIP, WebEX and more.
Do you think that this will be OK with CGN, Double NAT?

This is for me a good reason.

Now you say that IPv6 is immature, untested! But IPv6 6BONE testing
started in 1996!
More than 15 years of tests.

What is enough for you? 20, 30 years of tests?

This is the status of IPv6 deployments:

There are more than 6280 IPv6 Web servers:

All these people are running IPv6 and nobody complained and rollback to

The World IPv6 day, Microsoft as many others started IPv6 on all servers
and did not find any issueŠ.

So what will be enough for you to say that IPv6 is mature? 30 years of

What will be enough for you to say that IPv6 is tested?


Le 11/11/11 09:31, « Doug Barton » <dougb at dougbarton.us> a écrit :

>On 11/09/2011 15:57, Carlos Martinez-Cagnazzo wrote:
>> I sometimes wonder about all this perceived risks/vulns affecting
>> IPv6. There were *a lot* of similar vulns in IPv4 back in the time.
>So please explain to me what the motivation is for an enterprise that
>already has a mature, secure (for their own definition of secure)
>network stack (i.e., v4) to deploy a new, largely untested, immature
>network stack that is not only full of bugs, but still evolving? The
>argument that "IPv6 is as good as IPv4 was 15 years ago!" is a reason
>NOT to deploy it, not the other way around.
>Failure to recognize this issue is one of the most important reasons
>that IPv6 adoption is still at pathetically low levels, and CGN is seen
>as the more attractive option. And don't even get me started on all the
>other issues, like lack of DHCP parity.
>Don't get me wrong, I still think that ultimately IPv6 is going to be
>the answer. It's just way past time for us to accept responsibility for
>creating more problems than solutions.
>		"We could put the whole Internet into a book."
>		"Too practical."
>	Breadth of IT experience, and depth of knowledge in the DNS.
>	Yours for the right price.  :)  http://SupersetSolutions.com/
>Ipv6hackers mailing list
>Ipv6hackers at lists.si6networks.com

More information about the Ipv6hackers mailing list