20 Jun
2011
20 Jun
'11
11:53 a.m.
I think load balancers should be included; I know some universities who did not take part in W6D not because their web servers couldn't be made v6 ready, but because their load balancers could not.
... and some of us had to deploy NAT-PT on an obsolete router just to make 6-to-4 transition before hitting the 6-unaware LBs. Nasty. Agreed - LBs should be made part of the document.
Switches: - add RA-Guard (RFC 6105 I think)
Agreed. Absolutely mandatory for any somewhat-secure deployment.
Firewalls: - surprised SeND is optional
How many people are deploying SeND? Even in DMZ? Ivan