Skip to content
rule 11 reader
  • about
    • about me
    • mailing list
    • author page
    • rss feeds
  • reading
    • technology books
    • skills books
    • fiction books
    • philosophy & culture books
    • christian books
    • papers
    • worth reading
  • categories
    • career
      • career
      • design skills
      • communication skills
      • education
      • soft skills
      • troubleshooting skills
    • coding
    • complexity
    • culture
    • ddos
    • ipv6
    • other technologies
    • research
    • reviews
    • routing
      • bgp
      • bgp security
      • eigrp
      • is-is
      • ospf
      • mpls
      • other routing
    • security
    • standards
    • worth reading
    • content type
      • long video
      • long audio
      • short video
      • written
    • other
      • governance
      • humor
    • archive
  • the hedge
  • history
  • resources
    • my goodreads
    • my feedly
    • network icons
  • photos

On the ‘net: Fragmentation and IPv6

Does this mean we ban all filtering of traffic on the public Internet, imposing the end-to-end rule in earnest, leaving all security to the end hosts? This does seem to be the flavor of the original IPv6 discussions around stateful packet filters. This does not, however, seem like the most realistic option available; the stronger defense is not a single perfect wall, but rather a series of less than perfect walls. Defense in depth will beat a single firewall every time. Another alternative is to accept another bit of reality we often forget in the network engineering world: abstractions leak. The end-to-end principle describes a perfectly abstracted system capable of carrying traffic from one host to another, and a perfectly abstracted set of hosts between which traffic is being carried.

The full post can be read over at the ECI blog.

Related

Posted in IPV6, ON THE NET
← Reaction: Networks are not cars or cell phonesHanging Bridge →
© 2023 rule 11 reader | Powered by Beaver Builder
Scroll To Top