
Re: draft-vandevelde-v6ops-nap-01.txt - "maybe add a bit more on proxy servers ..."



Hi Eric,

On Fri, 18 Mar 2005 13:37:46 +0200
"EricLKlein" <ericlklein@softhome.net> wrote:

> Mark Smith wrote
> > Specific topology hiding mechanisms such as NAT or Proxies aren't that
> > useful in IPv6, as, due to the size of the IPv6 address space, topology
> > discovery techniques such as "sweep pings" become impractical. Tony Hain
> > pointed this out a while back on the IPv6 mailing list. For example,
> > (and I've explored this a bit more at
> > http://www.circleid.com/article.php?id=805_0_1_0_C/ ), assuming the
> > ability to sweep ping 100 IPv6 addresses per second on a /64, and
> > assuming a hit within the first 50%, it would take 2 924 712 086.77
> > years to find a single host. Of course, the odds go up with more hosts,
> > however, the time to sweep ping would still be impractical.
> 
> This might be true in theory, but in practice it is usually not. In my 
> experience you can scan the first 20 IP addresses in a subnet and you are 
> likely to get at least 5 to 10 hits. This is not inherent in the protocol, 
> but tends to be part of human nature. Network Admins tend (in an enterprise 
> setting) to like to number things sequentially as it makes it easier for 
> them to maintain the address pool and to monitor hardware. So unless they 
> work 100% with DHCP and it is set to random, there will be many fixed 
> devices (printers, application servers, etc) that reside in that first 20 
> addresses.

I'd agree in IPv4 that is common. In IPv6, I'd suggest less so, although
I am assuming that the most common address allocation method would be
based on EUI-64s, making end node addresses far less
predictable. If that is still too predictable, I've understood that
enabling Privacy Extensions should eliminate all predictability.

Of course, if people implement stateful addressing, then I would expect
the sort of allocation ordering you're describing. That may be likely in
enterprises, and "ease of topology discovery" should possibly be
something enterprises will need to keep in mind as a risk if they choose
to implement stateful addressing.

Regards,
Mark.

-- 

    The Internet's nature is peer to peer.
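
The trade-off argued in this thread, as an added example that is not part of either poster's message: an address-plan audit that groups an inventory by interface-identifier style and applies the thread's sweep arithmetic (100 probes per second, first hit at 50%) to each group. The inventory, the class names and the unknown-bit figures are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

PROBES_PER_SECOND = 100            # sweep rate assumed in the thread
SECONDS_PER_YEAR = 365 * 24 * 3600

# Bits of the 64-bit interface identifier (IID) an outside observer cannot
# predict, per allocation style. Illustrative assumptions, not measurements.
UNKNOWN_BITS = {
    "low-numbered": 16,   # ::1, ::2, ... handed out in order (stateful/manual)
    "eui-64": 48,         # MAC-derived; the ff:fe filler in the middle is fixed
    "opaque": 64,         # privacy extensions or randomised assignment
}

def classify_iid(addr):
    """Heuristically classify an IPv6 address by the shape of its low 64 bits."""
    iid = int(ipaddress.IPv6Address(addr)) & 0xFFFFFFFFFFFFFFFF
    if iid < 0x10000:                       # only the last hextet is used
        return "low-numbered"
    if (iid >> 24) & 0xFFFF == 0xFFFE:      # bytes 3-4 of the IID are ff:fe
        return "eui-64"
    return "opaque"

def expected_sweep_years(unknown_bits, rate=PROBES_PER_SECOND):
    """Years until a first hit, assuming it comes halfway through the space."""
    return (2 ** unknown_bits // 2) / (rate * SECONDS_PER_YEAR)

def audit(addresses):
    """Group an address inventory by IID class."""
    groups = defaultdict(list)
    for a in addresses:
        groups[classify_iid(a)].append(a)
    return dict(groups)

# Constructed inventory in the 2001:db8::/32 documentation prefix.
INVENTORY = [
    "2001:db8:0:1::1",                      # router, numbered by hand
    "2001:db8:0:1::5",                      # printer
    "2001:db8:0:1::14",                     # application server
    "2001:db8:0:1:211:22ff:fe33:4455",      # SLAAC with EUI-64
    "2001:db8:0:1:3c7a:91e4:5b0d:a2f6",     # privacy-extension style
]

if __name__ == "__main__":
    for cls, members in audit(INVENTORY).items():
        years = expected_sweep_years(UNKNOWN_BITS[cls])
        print(f"{cls:13} hosts={len(members)}  first hit in ~{years:.3g} years")
```

With 64 unknown bits the function reproduces the 2 924 712 086.77-year figure quoted above; the low-numbered group is the one an enterprise using sequential stateful addressing would want to review.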