
Re: WG Last Call: draft-ietf-v6ops-isp-scenarios-analysis-01.txt



On Tue, Feb 10, 2004 at 10:26:07 +0100, Mikael.Lind@teliasonera.com wrote:

> > In section 5.2 it might be useful to explicitly describe the situation
> > where a service is limited by ACLs to e.g. customers. When upgrading
> > this service to dual-stack, the corresponding IPv6 ACLs should be
> > added to avoid exposing the service worldwide. So, I am thinking
> > about prefix filtering and "allow all" defaults.
> 
> I think this is partially mentioned in 5.5 although nothing is mentioned
> about filtering of traffic going to the customer.

I was thinking about news, streaming, etc. servers that are available
to customers only. This might be implemented with ACLs, giving access
only to traffic with source prefixes belonging to customers. If IPv6
has "allow all" default (e.g. no ACLs), anyone can reach these services
via IPv6 transport. Maybe this could be generalized with a recommendation:
"each IPv4 ACL should probably have its corresponding IPv6 ACL". The
difficult part is to keep both ACLs consistent :-)

	rvdp
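
The consistency check discussed in this message, as an added example that is not part of the original thread: it flags services that are restricted by an IPv4 ACL but open over IPv6, and customers present in one ACL but not the other. The customer table, service names, prefixes and function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation prefixes): customer assignments.
CUSTOMERS = {
    "cust-a": {"v4": "192.0.2.0/25", "v6": "2001:db8:a::/48"},
    "cust-b": {"v4": "198.51.100.0/24", "v6": "2001:db8:b::/48"},
}
# Constructed sample data: source-prefix allow lists per service.
# An empty list models "no ACL", i.e. the "allow all" default.
SERVICES = {
    "news": {"v4": ["192.0.2.0/25", "198.51.100.0/24"], "v6": []},
    "streaming": {"v4": ["192.0.2.0/25", "198.51.100.0/24"],
                  "v6": ["2001:db8:a::/48"]},
    "www": {"v4": [], "v6": []},
}

def is_open(acl):
    """True when the ACL is absent or contains a default (/0) entry."""
    return not acl or any(ipaddress.ip_network(p).prefixlen == 0 for p in acl)

def allowed_customers(acl, family):
    """Names of customers whose prefix is fully covered by the ACL."""
    nets = [ipaddress.ip_network(p) for p in acl]
    return {name for name, pfx in CUSTOMERS.items()
            if any(ipaddress.ip_network(pfx[family]).subnet_of(n) for n in nets)}

def audit(services):
    """Compare each service's IPv4 and IPv6 ACLs; return (service, finding)."""
    findings = []
    for svc, acl in sorted(services.items()):
        v4, v6 = acl.get("v4", []), acl.get("v6", [])
        if is_open(v4):
            continue  # public over IPv4 already; nothing to mirror
        if is_open(v6):
            findings.append((svc, "restricted over IPv4 but open over IPv6"))
            continue
        v4c, v6c = allowed_customers(v4, "v4"), allowed_customers(v6, "v6")
        if v4c - v6c:
            findings.append((svc, "IPv6 ACL lacks: " + ", ".join(sorted(v4c - v6c))))
        if v6c - v4c:
            findings.append((svc, "IPv6 ACL adds: " + ", ".join(sorted(v6c - v4c))))
    return findings

if __name__ == "__main__":
    for svc, msg in audit(SERVICES):
        print(f"{svc}: {msg}")
```

Comparing by customer rather than by prefix is what makes the two address families comparable; it assumes an authoritative mapping from each customer to both of its prefixes.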