[6bone] Is minimum allocation /64 now?

Jørgen Hovland jorgen@hovland.cx
Sat, 25 Oct 2003 12:11:35 +0100


>From: "Jeroen Massar" <jeroen@unfix.org>
> Dan Reeder [mailto:dan@reeder.name] wrote:
>
> > I think you've misinterpreted his comments Jeroen
>
> 1 user, not 1 endsite, not 1 ptp tunnel.
> If it where a "enduser product" there would be going
> a /48 to that enduser.
>
> > To me it merely meant a /126 ("single user endpoint") as a
> > means to reach a customer's /48 or /64 prefix.

Yes. P2P/Single user: A media used by only 1 machine (+ the remote).
My intentions are not to restrict the customer from recieving a /64 for the
LAN behind the P2P link, but to hand out a /64 per machine or device that
should never have more than 1 machine. That's why I asked if we need to use
ip filter in the future.

> That simply is requiring the user to NAT and not giving
> them full internet access. NAT as 'security' is bullshit
> If you want to give them 'security' then offer a standard
> firewalling service like many ISP's do. And of course if
> you do offer it also offer the option to turn it off for
> the clued people.

You got to be joking?  NAT adds security. We do not even need to discuss
that.
"Standard firewalling" means NAT for very many. In almost all cases when a
customer of ours ask for  firewall, thats what they get from us because
thats what they meant.
I'm not saying that NAT is good, but thats what the majority use where I
come from.

Joergen Hovland ENK