Author Archives: Enno

RFC 9099 / Intro & Overview

Recently RFC 9099 Operational Security Considerations for IPv6 Networks was published. It was authored by Éric Vyncke,  Kiran Kumar ‘KK’ Chittimaneni, Merike Kaeo und myself, and we plan to write a little series on its objectives & main recommendations on the APNIC Blog. To prepare for that let me provide a short overview of itContinue reading “RFC 9099 / Intro & Overview”

IPv6 in Enterprise Wi-Fi Networks

At first I wish all readers a very happy new year and all the best for 2022! May the force be with you for your IPv6 efforts ;-). In this post I’m going to discuss some characteristics of IPv6 in common organization-level (as opposed to home networks) Wi-Fi deployments. These characteristics have to be keptContinue reading “IPv6 in Enterprise Wi-Fi Networks”

Disaggregated Security Enforcement / Self-service ACLs

In large environments security controls based on packet filtering, such as firewalls and ACLs on network devices, often face an unfortunate dilemma: there’s a gap between the parties understanding the communication needs of an application (say: the application owners) and the parties implementing the actual security enforcement (e.g. the firewall ops team). Those also haveContinue reading “Disaggregated Security Enforcement / Self-service ACLs”

The Role of IP Addresses in Security Processes

Reflecting on IP addresses, and about factors contributing to having a proper inventory of active ones, recently led me to putting up a Twitter poll. Here are the results: Looking at these numbers it seems that quite a few organizations struggle with maintaining a more or less accurate inventory of active addresses in their networks.Continue reading “The Role of IP Addresses in Security Processes”

IPv6 Duplicate Address Detection

In this post I’ll take a closer look at IPv6 Duplicate Address Detection (aka ‘DAD’, which evidently bears all of types of jokes and wordplays). While the general mechanism should be roughly familiar to everybody working with IPv6 there are some interesting intricacies under the hood, some of which might even have operational implications. DADContinue reading “IPv6 Duplicate Address Detection”

Notes from the UK IPv6 Council Annual Meeting 2020

Today the UK IPv6 Council held their annual meeting. These have been great events for many years (e.g. see 2019, 2018, 2017). Many thanks to Veronika McKillop and Tim Chown for organizing it! In the following I’ll discuss some of the talks (full agenda here). Colin Donohue & Ian Hallissy: The AIT Experience with IPv6Continue reading “Notes from the UK IPv6 Council Annual Meeting 2020”