Comment by denkmoon

12 hours ago

Invoking NAT "security" as a reason against IPv6 is a surefire indicator the person invoking it has absolutely no idea what they're talking about and should not be allowed within typing distance of any network infrastructure

6 comments

denkmoon

tptacek 11 hours ago

As a reason not to IPv6? I guess. As a thing, not scare-quoted, but really security? No. Be careful with things like "absolutely no idea what they're talking about".

cyberax 7 hours ago

I don't think that the inherent security of NATs is a _good_ reason to not do IPv6.
But it _is_ a reason, and it _is_ true.

cyberax 7 hours ago

Please. _I_ invoked that argument, and I bet I know more about IPv6 than you do.

All my services and networks have IPv6. And my first operational issues with IPv6 were in 2008, when my Asterisk SIP server started failing after ~12 hours.

Culprit? Privacy addresses kept accumulating until they overflowed the SIP UDP packet size because it listed all the combinations of supported codecs/endpoints.

Oh, btw, do try to answer this message: https://www.reddit.com/r/VOIP/comments/131ex1x/ipv6_sip_trun... - it's still relevant to this day.

rnhmjoj 26 minutes ago

You should have just disabled temporary addresses, they don't make a lot of sense on a server.
denkmoon 5 hours ago

Having read and considered your position I see no reason to update my opinion.