[ipv6hackers] "Stick to limited IPv6 deployments, businesses warned"

[-Hammer-]

I don't 100% agree. I think it depends on the business. For many 
businesses there is no need and I agree with you on that. But businesses 
that interact heavily with the government (Financial, Healthcare, etc) 
may find they are more pressed to have v6 reach inside their WAN for 
extranets/vpns/etc. That is certainly our case. We are trying to avoid 
any type of 6to4 6n4 6over4 (say when) implementations that are 
contradictive to the true intent of IPv6. The result is that we are 
seriously discussing a dual stack rollout over the next 24 months. We're 
already deploying on the edge and about to migrate to the core. WAN is 
next...

-Hammer-

"I was a normal American nerd"
-Jack Herer

On 8/23/2012 8:24 AM, Marc Heuse wrote:
> Hi Jim,
>
>> "If some network engineer says 'let's make a global company all
>> IPv6', I would fire that guy, because it costs millions and the
>> benefit is zero."
> several things in the article wrong and I asked to review the article
> before it goes online (he told me their technical security article
> writer left a week ago), that statemnt is mine however :-)
>
> what I am talking about is enabling IPv6 internally. There is no need
> for this. no business need. So anybody wanting to do this without
> necessity should be fired.
>
> I also always advice that companies should IPv6 enable the front-end
> DMZ. but nothing else.
>
>> That said, in the space I work in Cisco and Microsoft have done IMHO a
> pretty good job addressing the issues.
>
> I agree with Cisco, for Microsoft, sorry, no. A company which does not
> fix critical local LAN issues because of ego reasons in the IPv6 stack
> team - I can't take them seriously.
>
> Greets,
> Marc
>
> --
> Marc Heuse
> www.mh-sec.de
>
> PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers
>