Last week I attended the IETF 113 meeting in Vienna. I primarily went there to reconnect in person with some old IPv6 fellows, but also to see what’s going on in the IPv6 standardization space which I hadn’t been following closely in recent times. In this post I’ll shortly summarize some contributions presented in theContinue reading “IETF 113”
Author Archives: Enno
RFC 9099 / Intro & Overview
Recently RFC 9099 Operational Security Considerations for IPv6 Networks was published. It was authored by Éric Vyncke, Kiran Kumar ‘KK’ Chittimaneni, Merike Kaeo und myself, and we plan to write a little series on its objectives & main recommendations on the APNIC Blog. To prepare for that let me provide a short overview of itContinue reading “RFC 9099 / Intro & Overview”
IPv6 in Enterprise Wi-Fi Networks
At first I wish all readers a very happy new year and all the best for 2022! May the force be with you for your IPv6 efforts ;-). In this post I’m going to discuss some characteristics of IPv6 in common organization-level (as opposed to home networks) Wi-Fi deployments. These characteristics have to be keptContinue reading “IPv6 in Enterprise Wi-Fi Networks”
Disaggregated Security Enforcement / Self-service ACLs
In large environments security controls based on packet filtering, such as firewalls and ACLs on network devices, often face an unfortunate dilemma: there’s a gap between the parties understanding the communication needs of an application (say: the application owners) and the parties implementing the actual security enforcement (e.g. the firewall ops team). Those also haveContinue reading “Disaggregated Security Enforcement / Self-service ACLs”
IPv6 Reporting
I know that some of the readers of this blog are IPv6 cheerleaders in their respective organizations, and as such they might occasionally face questions along the lines of “what’s the state of IPv6 in our company?” or “are we progressing IPv6-wise?” (the latter in particular when dedicated resources are spent on the IPv6 transitionContinue reading “IPv6 Reporting”
The Role of IP Addresses in Security Processes
Reflecting on IP addresses, and about factors contributing to having a proper inventory of active ones, recently led me to putting up a Twitter poll. Here are the results: Looking at these numbers it seems that quite a few organizations struggle with maintaining a more or less accurate inventory of active addresses in their networks.Continue reading “The Role of IP Addresses in Security Processes”
Quick Intro to IPv6
This post strives to provide an overview where (and why) IPv6 is different from IPv4. The intended audience are folks with a solid understanding of IPv4 but not too much exposure to IPv6 so far (I hear such an audience still exists ;-), and the post is intentionally kept short (regular readers of this blogContinue reading “Quick Intro to IPv6”
IPv6 Duplicate Address Detection
In this post I’ll take a closer look at IPv6 Duplicate Address Detection (aka ‘DAD’, which evidently bears all of types of jokes and wordplays). While the general mechanism should be roughly familiar to everybody working with IPv6 there are some interesting intricacies under the hood, some of which might even have operational implications. DADContinue reading “IPv6 Duplicate Address Detection”
A Holistic Look on SLAAC and DHCPv6
At first a very happy new year to all readers, and all the best for 2021! While I wrote a few posts about IPv6-related topics in the past – for many years here and later on the present blog – it seems I never contributed to the ‘classic SLAAC vs. DHCPv6’ debate, besides documenting theContinue reading “A Holistic Look on SLAAC and DHCPv6”
Notes from the UK IPv6 Council Annual Meeting 2020
Today the UK IPv6 Council held their annual meeting. These have been great events for many years (e.g. see 2019, 2018, 2017). Many thanks to Veronika McKillop and Tim Chown for organizing it! In the following I’ll discuss some of the talks (full agenda here). Colin Donohue & Ian Hallissy: The AIT Experience with IPv6Continue reading “Notes from the UK IPv6 Council Annual Meeting 2020”
IPv6 Security Best Practices
That’s an ambitious title, from many regards.Still, late 2020 might finally be time that we, as the IPv6 community, try to come up with a set of simple IPv6 security best practices to be used both as guidance and in a checklist manner.One of the earliest of such efforts goes back to my friend EricContinue reading “IPv6 Security Best Practices”