[Users] Kernel panic in nf_conntrack_ipv6 IPv6 Firewall
2.6.27-aivazovsky
John Drescher
drescherjm at gmail.com
Mon Jan 19 16:52:31 EST 2009
On Mon, Jan 19, 2009 at 4:49 PM, Michael H. Warfield <mhw at wittsend.com> wrote:
> On Mon, 2009-01-19 at 16:31 -0500, John Drescher wrote:
>> > Just don't load the IPv6 contracking module. Disabling IPv6 is really
>> > no longer an option and we might as well get use to it. IPv4 address
>> > space run-out is now within the foreseeable future (ICANN and the RIR's
>> > have no settled on the allocation of the FINAL /8's and some locals will
>> > be out within the next year or two). I've been operational on the
>> > global IPv6 network for well over 7 years now and there's just no more
>> > excuse for this "head in the sand" approach to IPv6.
>> >
>> I usually disable ipv6 because all of my gigabit switches at work do
>> not support ipv6 without a firmware update and I am not sure that all
>> of them have firmware updates.
>
> That doesn't make sense. IPv6 is a higher layer protocol. Switches
> will bridge and span based on MAC addresses on the link layer regardless
> of the IP layer version. I have yet to see a switch not pass native
> IPv6 properly (much less tunneled IPv6 in all its myriad forms). Even
> my consumer level Linksys wireless router handles IPv6 properly (in
> bridging mode). I was advertising IPv6 routes across our Cisco
> switching fabric at work ages ago. It doesn't know or care about higher
> levels. Routers are another matter. Switches are nothing. Test it.
> I'll bet you discover it just works. I do routinely and I always do.
>
> OTOH... If they are managed switches, they might not recognize IPv6
> for their management ports. THAT may be what you need your firmware
> update for.
>
Yes some are managed.
>
> I have yet to find a single spot on the Internet where I could not get
> to IPv6 (including several cruise ships at sea), one way or the other
> (yes, I have lots of tunneling tricks - they work real easy). After
> presenting what to look for in some of my talks on the subject, people
> have come back to me saying they had seen that on their networks for
> ages and just didn't know what it was.
>
> Right now... According to Google, the US ranks 6th, in IPv6 adoption
> as measured by their test project where they tested to see what clients
> would preferentially connect to their IPv6 service (#1 was Russia -
> maybe because of the hackers which are exploiting it to take advantage
> of those who think they can ignore it). Main source of US traffic on
> IPv6 was Mac's, which have IPv6 and 6to4 enabled in Mac OS X. Windows
> XP has it (plus Teredo) available with only a couple of mouse clicks and
> Windows Vista and Windows 7 have it enabled with no way to disable (and
> had Teredo enabled as well).
>
Thanks for the detailed response.
John
More information about the Users
mailing list