RFC6092 is also a good read on the subject.
https://tools.ietf.org/html/rfc6092
I'm not expecting many ISPs to ship with an IPv6 firewall off by default
when they go dualstack, we certainly aren't.
We will however allow IPSEC by default. It'll be interesting to see what
applications actually make use of it, other than XBox Ones and perhaps some
torrent clients.
-Richard
On Mon, Nov 3, 2014 at 9:00 PM, Scott Weeks
--- ben(a)meh.net.nz wrote: From: Ben
My biggest concern ATM over DDOS, is when IPV6 starts becoming widely used - a lot of people use NAT as a firewall, and when they implement IPV6 don't protect their hosts properly. ---------------------------------------------
Homenet in the IETF is attempting to address that among other things in the home networks:
https://datatracker.ietf.org/wg/homenet/charter
<quote>
End-to-end communication is both an opportunity and a concern as it enables new applications but also exposes nodes in the internal networks to receipt of unwanted traffic from the Internet. Firewalls that restrict incoming connections may be used to prevent exposure, however, this reduces the efficacy of end-to-end connectivity that IPv6 has the potential to restore.
Home networks need to provide the tools to handle these situations in a manner accessible to all users of home networks. Manual configuration is rarely, if at all, possible, as the necessary skills and in some cases even suitable management interfaces are missing.
The purpose of this working group is to focus on this evolution, in particular as it addresses the introduction of IPv6, by developing an architecture addressing this full scope of requirements:
o prefix configuration for routers o managing routing o name resolution o service discovery o network security
</quote>
scott
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog