[CentOS] IPV4 is nearly depleted, are you ready for IPV6?
Adam Tauno Williams
awilliam at whitemice.org
Wed Dec 8 02:20:21 UTC 2010
On Tue, 2010-12-07 at 20:37 -0500, Ross Walker wrote:
> On Dec 7, 2010, at 7:41 PM, Nico Kadel-Garcia <nkadel at gmail.com> wrote:
>
> > On Tue, Dec 7, 2010 at 10:04 AM, Adam Tauno Williams
> > <awilliam at whitemice.org> wrote:
> >
> >> Bogus. The reason is that they haven't been pressured into adoption by
> >> higher powers; so we will get into a nice scramble to migrate in a
> >> pinch.
> >>
> >> "most people" have no idea what NAT is, don't care, and shouldn't have
> >> to care.
> >>
> >> Some people's belief that NAT is some magic sauce that makes them more
> >> secure [it does not] or provides them more flexibility [it does not]
> >> than real addresses ... causes the people who understand networking to
> >> have to spend time explaining that their love of NAT is misguided and
> >> their beliefs about NAT are bogus.
> >
> > *I'm* a fairly expert network person. (10base2, baby, I remember
> > crimping those cables!) Forcing people to specifically select the
> > services they wish to expose, rather than selecting what to cut off in
> > configuring a typical firewall, is basic policy automatically enforced
> > by NAT. It's especially helpful to ISP's, who *do not want* to try to
> > remember all those furshlugginer individual policies and find it far
> > simpler in routing and firewall terms to force all traffic to the NAT.
> Does this mean I have to type in URLs like:
> http://3ffe:1900:4545:3:200:f8ff:fe21:67cf/
Correct syntax for that is
http://[3ffe:1900:4545:3:200:f8ff:fe21:67cf]/
if you want to specify the port it goes outside the brackets
http://[3ffe:1900:4545:3:200:f8ff:fe21:67cf]:8080/
> I can only image phonetically calling these off on a support call, I'd
> get half way through it and the other end would tell me to "forget it
> I'll wait until DNS is working again".
You aren't crippled currently when DNS doesn't work? Because e-mail,
Active Directory / Kerberos, and numerous other services just-don't-work
without functioning DNS anyway. I'd say the network-minus-DNS is pretty
much irrelevant in the real world.
> In fact with DNS problems we'd be pretty much crippled.
> I'd use IPv6 if the addresses weren't so hard to remember.
More information about the CentOS
mailing list