This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/address-policy-wg@ripe.net/
[address-policy-wg] Commercial IPv6 firewall support
Nick Hilliard
nick at inex.ie
Sat Oct 27 16:25:41 CEST 2007
> Some people have claimed that they cannot yet sell
> IPv6 Internet access because there is no IPv6 firewall
> support. According to this ICANN study:
> http://www.icann.org/committees/security/sac021.pdf
> this is not quite true. At least 30% of the 42 vendors
> surveyed, had IPv6 support.

There is, of course, "support" and support when talking about any feature, whether ipv6 related or not.

As a useful example of what "support" implies, the "support" from one of my firewall vendors includes basic support for ipv6 packet forwarding and filtering, but no support for configuring this from the GUI. And no support for failover / failback on ipv6. And no support for ospfv3. Or DHCPv6. Or v6 support for VPNs. And so on - you get the idea. There are piles more features which just aren't there if you use v6.

In fact, I would suggest that there is such a large functionality gap between their ipv4 and ipv6 support right now, that even if they invested heavily between now and the current expected dates for ipv4 exhaustion, I seriously doubt that they would achieve feature parity, not to mind stability parity for these features.

I have talked to them about this, and their opinion is that there is no commercial demand for ipv6, and therefore ipv6 feature parity is on the feature roadmap. And indeed, it is difficult for the organisation I work for to demand ipv6 support, when other companies can talk to their vendors with a EUR100m firewall / networking contract going a-begging. I have little doubt that this is the reason that MOP got re-enabled by default on a certain router vendor's products.

Them: "We have EUR200m to spend and we want MOP enabled by default".
Vendor: "Three bags full, sir".
Me: "I want you to spend $50m in development costs to support ipv6, and then I'll buy some low end kit from you"
Vendor: <laughs hysterically>

Open source solutions tend to fare better in this regard. Lots of people may end up using them in a future ipv6 world, but you're not going to end up seeing F500 companies stampeding to replace their current high-end solutions with m0n0wall installations, just because they have more-or-less parity support for ipv4 and ipv6.

There's a more interesting discussion of this linked from:

http://www.arin.net/meetings/minutes/ARIN_XX/ppm.html

See the talk entitled "IPv6 Support Among Commercial Firewalls", by Dave Piscitello.

Nick

--
Network Ability Ltd. | Technical Operations | Tel: +353 1 6169698
3 Westland Square | INEX - Internet Neutral | Fax: +353 1 6041981
Dublin 2, Ireland | Exchange Association | Email: nick at inex.ie