Hi, Thus wrote Ahmed Abu-Abed (ahmed@tamkien.com):
Arguing that practically nobody would want their CPE to do IPSEC because everybody does host based IPSEC would be a better approach, but I would offer that that's going to be patently untrue if you look at company users and not private-person-residential users.
Many company users have a VPN client setup on their PC which should not need IPSEC on the CPE to work.
So a company with two locations solves "the people at one location need to be able to access resources at the other location" by having the single PCs open a VPN connection .. where to exactly? So a company with several hundred locations with a local LAN each has several dozen PCs from each location open VPNs to a concentrator (instead of having the CPE open one connection for the entire LAN) and no useful way to get from location A to location B, nor even a useful way for central IT to get at the machines in the single locations? Neither of these scenarios is even remotely rare. The very first sentence of RIPE-501 v2 is: "To ensure the smooth and cost-efficient uptake of IPv6 across their networks, it is important that governments and large enterprises specify requirements for IPv6 compatibility when seeking tenders for Information and Communication Technology (ICT) equipment and support." "governments and large enterprises" not "John&Mary Smith, private residence" Throwing out a bog standard requirement for companies of almost any size because a family household will likely not need it in their CPE strikes me as missing the point. By a mile. regards, spz -- spz@serpens.de (S.P.Zeidler)