RE: [GLOBAL-V6]IPv6 Allocation Policy



Brian,


> Brian E Carpenter wrote:
> And people wonder why we say that state is evil, and
> distributed state is more evil.

No argument here.


> I don't think we should design policy for
> stateful firewalls.

We don't have a choice. Network administrators want firewalls. Actually,
they don't want firewalls, they WANT firewalls; they MUST HAVE a
firewall. 

This is a requirement; even if there were no technical reasons to have
one (and there are plenty of good ones) there is a hidden requirement
that says that one MUST operate a box with "firewall" written on the
front panel. I sometimes have a hard time explaining to some small
customers that a Cisco router running the FW/IDS feature set correctly
configured is a firewall because it's not labeled "firewall" on the
front bezel. One pre-sales guy suggested one time that we buy Pix 515
front bezels and replace the 2600 bezels with them.....

Now, if we could have stateless firewalls, I would not mind a bit.


> I think we're drifting away from the question of what the policy
> should say. The point, I think, was to ease the wording to allow
> for giving /32s in any case where common sense would allow it.

Or do nothing and keep the current system where RIRs make an exception
and assign space based on their best judgment of common sense.

Michel.