| T.R | Title | User | Personal Name
 | Date | Lines | 
|---|
| 1742.1 | err.. | ANNECY::HOTCHKISS |  | Tue Jan 28 1997 06:32 | 3 | 
|  |     ..quiet in here,ain't it John ?
    
    :-)
 | 
| 1742.2 | IP address/subnet management tool? | WOTVAX::2h0533.olo.dec.com::Tim_Banks | [email protected] | Wed Jan 29 1997 04:40 | 18 | 
|  | I know this is not strictly a firewall topic, but folk who read this
conference may have come across this.....
Has anyone come across a software/application tool for managing the 
allocation of IP addresses and subnets?  I need this for a global customer 
project I am working on, so that we can keep a central record of address 
allocation, but distribute the allocation function to regional network 
managers.
I have some ideas of how to write one using Web Browsers, SQL and a 
database of some kind, but I have a gut feel that I am re-inventing the 
wheel.
	Thanks
		Tim
x-posted Internet Tools
 | 
| 1742.3 |  | QUICHE::PITT | Alph a ha is better than no VAX! | Wed Jan 29 1997 04:48 | 4 | 
|  | I strongly suspect that most customers use DNS as this database... or have I
missed the point of what you're looking for?
T
 | 
| 1742.4 | IPv6 and Security Policies | GALVIA::SMITH |  | Wed Jan 29 1997 06:23 | 26 | 
|  |     I agree that there are quite a few issues looming in this space. And
    the firewall product will need some extensive work to ensure that it
    will function correctly in an environment running IPv6. To a large
    degree it will continue to rely on o/s support and until the o/s
    implements this support, the product will not support IPv6 either. I
    would also expect that market pull (or lack of it) will also have an
    effect.
    
    Regarding the specific issues you raised, most if not all relate to the
    ability to dynamically allocate and modify addresses and routing
    information. Clearly this is something firewall admins try to avoid as
    it creates the significant possibility that someone unauthorised could
    gain access. I would expect that cryptographic means will start to be
    used more to guarantee identity and the security of individual
    connections and it is possible that the firewall will start to play
    less of a role in this respect. The alternative is that firewall
    operators will effectively block the ability to reconfigure so that
    they can ensure the security of a given networks connection(s). In
    short, the first thing we need to do is have a debate on the security
    policies we need to guide how we secure an IPv6 based network. The
    technical aspect will then follow on from this and should not present
    serious difficulties.
    
    Mark
    
    Maybe you could kick the debate off formally Stuart!!
 | 
| 1742.5 | .2 = finger trouble | WOTVAX::pc0653.olo.dec.com::Tim_Banks |  | Wed Jan 29 1997 12:05 | 9 | 
|  | Sorry, RE: .2 finger trouble, should have gone in as a new note.
Tony, the tool I am looking for automates the allocation of addresses, once 
that has been done, DNS can track the name/address match - but you still need 
a procedure and system to ensure that the allocation is done correctly.
However if that tool could write named zone files as well.......
	Tim
 | 
| 1742.6 |  | QUICHE::PITT | Alph a ha is better than no VAX! | Wed Jan 29 1997 12:19 | 6 | 
|  | What I mean, Tim, is that if you manually maintain the appropriate file(s) in
the /etc/namedb/src directory, then the /etc/named/Makefile will create the zone
files for you.  Of course whether they will contain exactly what you want is
another matter ...
T
 |