jadgate
Major Contributor
   
USA
918 Posts
Status: offline |
Posted - 09/10/2011 : 10:03:44 AM
|
Mark-
I've started listening to this and just gotten to the section on DHCP updates where you mention support for IPV6.
Previously, I had understood that IPV6 did not have private address spaces like IPV4 (e.g. 10.x.x.x, 172.16.x.x, and 192.168.x.x), but it turns out that is not the case: there is room reserved for private non-Internet routable IP addresses under RFC4193. From Wikipedia:
::/7 for this block which is divided into two /8 blocks with different implied policies
http://tools.ietf.org/html/rfc4193
My questions to you:
1. Does Microsoft's implementation of IPV6 within the R2 DHCP support RFC 4193? It's not clear from your CD. It's implied in your book on R2 on page 233 as part of the IPV6 network stack implemented within R2, but not clear there (I haven't read the whole book but it came up in a Google search for RFC4193 support and Server 2008 R2).
2. If it is, do you think that this (private address spaces) will be implemented and addresses assigned via DHCP when/where IPV6 is in wide use? In particular, I would think that cell phone networks or other large scale networks would be able to leverage this? I know that the joke now is that there are only 3 IPV6 networks, but with the proliferation of mobile devices, IPV4 is gonna have to be left behind at some point. If I were a network admin, I'd still want to segment my internal network with a private address space, if it's available in IPV6, just as I can with IPV4.
Later,
Jim
|
James Adgate, CISSP IT Auditor and Compliance Specialist Data Loss Prevention (DLP) IT Security Policy and Risk Mitigation for Enterprises http://linkedin.com/in/jamesadgatech
|
Edited by - jadgate on 09/19/2011 09:15:48 AM |
|
|
Mark Minasi
Chief cook and bottle washer
    
USA
10658 Posts
Status: offline |
Posted - 09/17/2011 : 8:43:30 PM
|
| Hi Jim -- the only thing about the FD00 block is that border routers won't route them... Beyond that, the RFC doesn't say much. |
Mark tweetin' at mminasi |
 |
|
|
jadgate
Major Contributor
   
USA
918 Posts
Status: offline |
Posted - 09/21/2011 : 1:09:23 PM
|
Ok, just so this is clear:
- in effect, addresses in the IPV6 FD00 or ::/7 block are considered to be "private" addresses because routers configured to handle IPV6 traffic won't forward packets from their addresses to the Internet?
I guess that this assumes the network hardware complies with the RFC standards, which might be a big if (unless the bigger players like Cisco already have this stuff baked in).
Later,
Jim
|
James Adgate, CISSP IT Auditor and Compliance Specialist Data Loss Prevention (DLP) IT Security Policy and Risk Mitigation for Enterprises http://linkedin.com/in/jamesadgatech
|
Edited by - jadgate on 09/21/2011 1:10:12 PM |
 |
|
|
Mark Minasi
Chief cook and bottle washer
    
USA
10658 Posts
Status: offline |
Posted - 09/27/2011 : 8:23:27 PM
|
No, actually it's easier than that.
From the get-go, routable IPv6 addresses MUST start with 2 or 3. Everything else gets dropped on the floor by border routers.
The FD00 stuff was just for dopes who couldn't handle the fact that they could finally throw that NAT garbage away. It's generally considered by everyone I've ever talked to as a blanket for retarded network administrators to suck on for security.<g> |
Mark tweetin' at mminasi |
 |
|
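An added example, not part of the thread and not code from either poster: it builds an RFC 4193 unique local /48 (the `fd` byte followed by a 40-bit Global ID), carves a /64 out of it, and lists which source addresses fall outside 2000::/3, the "starts with 2 or 3" range discussed above. The function names and sample addresses are constructed for illustration, and the Global ID comes from the OS random generator rather than the sample algorithm the RFC suggests.

```python
import ipaddress
import secrets

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # first hex digit is 2 or 3
ULA = ipaddress.ip_network("fc00::/7")             # RFC 4193 unique local block
ULA_LOCAL = ipaddress.ip_network("fd00::/8")       # L bit set: locally assigned
LINK_LOCAL = ipaddress.ip_network("fe80::/10")


def classify(addr):
    """Name the block an IPv6 address falls in."""
    ip = ipaddress.IPv6Address(addr)
    if ip in ULA_LOCAL:
        return "ula-local"
    if ip in ULA:
        return "ula-unassigned"  # fc00::/8, L bit clear
    if ip in LINK_LOCAL:
        return "link-local"
    if ip in GLOBAL_UNICAST:
        return "global"
    return "other"


def new_ula_prefix(global_id=None):
    """Build a /48 under fd00::/8: 0xfd, then a 40-bit Global ID."""
    gid = secrets.token_bytes(5) if global_id is None else global_id
    if len(gid) != 5:
        raise ValueError("Global ID must be exactly 5 bytes (40 bits)")
    return ipaddress.IPv6Network((b"\xfd" + gid + bytes(10), 48))


def subnet(prefix, subnet_id):
    """Return the /64 selected by a 16-bit Subnet ID inside a /48."""
    if prefix.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 and a 16-bit Subnet ID")
    base = int(prefix.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def should_drop_at_border(sources):
    """Source addresses outside 2000::/3, which an edge filter should drop."""
    return [s for s in sources if classify(s) != "global"]


if __name__ == "__main__":
    site = new_ula_prefix()
    print("site prefix:", site, "first LAN:", subnet(site, 1))
    # Constructed sample sources, as they might appear in an edge flow log.
    seen = ["2001:db8::10", "fd12:3456:789a:1::5", "fe80::1", "fc00::1"]
    print("drop:", should_drop_at_border(seen))
```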