Managing first-hop router complexity with an IPv6 prefix
This week, bloggers explore IPv6 prefix complexities, the reasons behind high turnover among CISOs and whether the adage 'just reboot it' holds true with advanced wireless LANs.
Ivan Pepelnjak, blogging in IPSpace, looked into RFC 8273, published by the Internet Engineering Task Force in December 2017. The RFC describes a process in which a first-hop router allocates a unique IPv6 prefix for each host attached to a subnet and sends responses to unicast MAC addresses to indicate that each host is the only host on its subnet. Pepelnjak said the complex IPv6 prefix process seems baffling. "Unfortunately, there are good reasons we need this monstrosity," he said.
According to Pepelnjak, internet service providers (ISPs) need to be able to identify unique customers by their IPv6 addresses to meet legal requirements. ISPs cannot use the identity association for non-temporary addresses (IA_NA) provision of the Dynamic Host Configuration Protocol version 6 (DHCPv6) to control address allocation. As for the result of using a unique IPv6 prefix for every host, Pepelnjak said it wastes half of the address bits. On the other hand, the ideas presented in RFC 8273 keep the client stack simpler because DHCPv6 isn't needed, but they don't reduce complexity for the first-hop router.
Why CISOs change jobs so often
Jon Oltsik, an analyst at Enterprise Strategy Group in Milford, Mass., began 2018 with a blog about turnover among chief information security officers (CISOs). The effectiveness of CISOs determines the success of cybersecurity initiatives at many organizations. However, studies suggest the average CISO tenure is as little as one to two years. ESG research with ISSA found that 38% of CISOs change jobs because they are offered higher compensation packages elsewhere. The survey gathered data from 343 CISOs.
The survey also found 36% of CISOs leave because an organization's culture isn't focused on cybersecurity. In other cases, CISOs left because they weren't included in executive management or in decisions by the board of directors or because cybersecurity budgets weren't commensurate with the size of an organization. "Clearly, money matters to CISOs but they also want to work for executives who are willing to fund, participate in, and cheerlead cybersecurity efforts across the entire organization. In lieu of this commitment, the CISO is as good as gone," Oltsik added.
When rebooting isn't enough
Lee Badman, writing in WiredNot, said the old adage of "just reboot it" is usually innocuous advice when trouble crops up with a piece of technology. From smartphones to automatic transmissions, the advice often holds true. "But when it comes to expensive, supposedly high-end networking components, should we have the same tolerance for the need to reboot as a 'fix'?" he said. Rebooting an important network component could result in hundreds of clients losing service.
When it comes to rebooting, Badman said that some leading wireless LAN (WLAN) systems require an access point (AP) reboot to enact a config change. Rebooting APs is needed when traffic stalls in a cell and when the relationship between radios breaks down. With some remote office switches, a code upgrade often means the switch won't restart. The only answer is to manually power cycle the switch, which often involves sending an engineer to an underserved remote office. "I'm willing to occasionally reboot my consumer-grade gadgetry, but that allowance generally does not extend to work where real dollars get spent on beefy equipment. Sadly, too much enterprise-grade networking gear is starting to feel like it belongs on the shelves of Wal-Mart based on its code quality," Badman said.