[CentOS] IPV4 is nearly depleted, are you ready for IPV6?

Adam Tauno Williams awilliam at whitemice.org
Wed Dec 8 02:20:21 UTC 2010


On Tue, 2010-12-07 at 20:37 -0500, Ross Walker wrote: 
> On Dec 7, 2010, at 7:41 PM, Nico Kadel-Garcia <nkadel at gmail.com> wrote:
> 
> > On Tue, Dec 7, 2010 at 10:04 AM, Adam Tauno Williams
> > <awilliam at whitemice.org> wrote:
> > 
> >> Bogus.  The reason is that they haven't been pressured into adoption by
> >> higher powers; so we will get into a nice scramble to migrate in a
> >> pinch.
> >> 
> >> "most people" have no idea what NAT is, don't care, and shouldn't have
> >> to care.
> >> 
> >> Some people's belief that NAT is some magic sauce that makes them more
> >> secure [it does not] or provides them more flexibility [it does not]
> >> than real addresses ... causes the people who understand networking to
> >> have to spend time explaining that their love of NAT is misguided and
> >> their beliefs about NAT are bogus.
> > 
> > *I'm* a fairly expert network person. (10base2, baby, I remember
> > crimping those cables!) Forcing people to specifically select the
> > services they wish to expose, rather than selecting what to cut off in
> > configuring a typical firewall, is basic policy automatically enforced
> > by NAT. It's especially helpful to ISP's, who *do not want* to try to
> > remember all those furshlugginer individual policies and find it far
> > simpler in routing and firewall terms to force all traffic to the NAT.
> Does this mean I have to type in URLs like:
> http://3ffe:1900:4545:3:200:f8ff:fe21:67cf/

Correct syntax for that is

http://[3ffe:1900:4545:3:200:f8ff:fe21:67cf]/

if you want to specify the port it goes outside the brackets 

http://[3ffe:1900:4545:3:200:f8ff:fe21:67cf]:8080/ 

> I can only image phonetically calling these off on a support call, I'd
> get half way through it and the other end would tell me to "forget it
> I'll wait until DNS is working again".

You aren't crippled currently when DNS doesn't work?  Because e-mail,
Active Directory / Kerberos, and numerous other services just-don't-work
without functioning DNS anyway.  I'd say the network-minus-DNS is pretty
much irrelevant in the real world.

> In fact with DNS problems we'd be pretty much crippled.
> I'd use IPv6 if the addresses weren't so hard to remember.





More information about the CentOS mailing list