World IPv6 Launch Day Underway 236
Posted
by
Unknown Lamer
from the it's-finally-1999 dept.
from the it's-finally-1999 dept.
A number of readers have written in with stories related to today's permanent rollout of IPv6 by several major organizations. From the looks of it, for the 1% or so of end users with IPv6 support, everything is going smoothly. For those not so lucky to have IPv6 already, an anonymous reader writes with (mostly) good news: 60% of ISPs intend to enable IPv6 by the end of 2012. For business users, darthcamaro provides some words of caution: "...the Chief Security Officer of VeriSign doesn't think IPv6 should be turned on by a whole lot of people. The problem is network security devices in many cases don't scan IPv6. So if you turn IPv6 on, you're screwed.
'If you don't have that visibility into IPv6, you should probably consider explicitly disabling IPv6 on your systems until you can take a very concerted approach to enabling IPv6 in a secure manner,' McPherson said."
Verisign != Verisign (Score:5, Informative)
Re:It will be a pain in the ass to remember... (Score:5, Informative)
Google for this thing called 'DNS' it has been around for a while....
Re:I am the 1% (Score:2, Informative)
No you are not... at most you are the 0.5% with IPv6, I have it to!
REally.... (Score:4, Informative)
"The problem is network security devices in many cases don't scan IPv6. So if you turn IPv6 on, you're screwed."
Funny, The ones here do. In fact the last firebox update said it covered ipV6.
What out of date garbage are people running out there that will not scan ipV6?
Re:It will be a pain in the ass to remember... (Score:5, Informative)
You have many options, DHCP6, you don't have to use autoconfigure you can still assign all nice consecutive address to each machine if you like. Setup DNS that actually works and use the host names. Best yet and actually probably the easiest to do and still be secure both (dhcp6 server can do the DNS updates so the hosts don't need to).
This is not that difficult, and if you think it is you are in the wrong industry.
Re:It will be a pain in the ass to remember... (Score:5, Informative)
This is IPv6 Launch day. He needs to go to 2a00:1450:4016:801::1000
Re:It will be a pain in the ass to remember... (Score:5, Informative)
Doing a reverse lookup for every goddamn IP I ever see would be completely impractical.
Hyperbole much? Recognizing IPv6 addresses is not that different from recognizing IPv4 ones, especially if you assign local parts manually, which you should do for the servers instead of relying on autoconfiguration, for reasons which should be obvious. So, 2001:db8:0:1001::4 is...?
With a bit of practice, parsing the IPv6 addresses you deal with frequently will become second nature. If it doesn't, then maybe you're not such a hot network admin.