[Users] Kernel panic in nf_conntrack_ipv6 IPv6 Firewall 2.6.27-aivazovsky

John Drescher drescherjm at gmail.com
Mon Jan 19 16:52:31 EST 2009


On Mon, Jan 19, 2009 at 4:49 PM, Michael H. Warfield <mhw at wittsend.com> wrote:
> On Mon, 2009-01-19 at 16:31 -0500, John Drescher wrote:
>> >        Just don't load the IPv6 contracking module.  Disabling IPv6 is really
>> > no longer an option and we might as well get use to it.  IPv4 address
>> > space run-out is now within the foreseeable future (ICANN and the RIR's
>> > have no settled on the allocation of the FINAL /8's and some locals will
>> > be out within the next year or two).  I've been operational on the
>> > global IPv6 network for well over 7 years now and there's just no more
>> > excuse for this "head in the sand" approach to IPv6.
>> >
>> I usually disable ipv6 because all of my gigabit switches at work do
>> not support ipv6 without a firmware update and I am not sure that all
>> of them have firmware updates.
>
>        That doesn't make sense.  IPv6 is a higher layer protocol.   Switches
> will bridge and span based on MAC addresses on the link layer regardless
> of the IP layer version.  I have yet to see a switch not pass native
> IPv6 properly (much less tunneled IPv6 in all its myriad forms).  Even
> my consumer level Linksys wireless router handles IPv6 properly (in
> bridging mode).  I was advertising IPv6 routes across our Cisco
> switching fabric at work ages ago.  It doesn't know or care about higher
> levels.  Routers are another matter.  Switches are nothing.  Test it.
> I'll bet you discover it just works.  I do routinely and I always do.
>
>        OTOH...  If they are managed switches, they might not recognize IPv6
> for their management ports.  THAT may be what you need your firmware
> update for.
>
Yes some are managed.
>
>        I have yet to find a single spot on the Internet where I could not get
> to IPv6 (including several cruise ships at sea), one way or the other
> (yes, I have lots of tunneling tricks - they work real easy).  After
> presenting what to look for in some of my talks on the subject, people
> have come back to me saying they had seen that on their networks for
> ages and just didn't know what it was.
>
>        Right now...  According to Google, the US ranks 6th, in IPv6 adoption
> as measured by their test project where they tested to see what clients
> would preferentially connect to their IPv6 service (#1 was Russia -
> maybe because of the hackers which are exploiting it to take advantage
> of those who think they can ignore it).  Main source of US traffic on
> IPv6 was Mac's, which have IPv6 and 6to4 enabled in Mac OS X.  Windows
> XP has it (plus Teredo) available with only a couple of mouse clicks and
> Windows Vista and Windows 7 have it enabled with no way to disable (and
> had Teredo enabled as well).
>

Thanks for the detailed response.
John


More information about the Users mailing list