Question about migrating to IPv6 with multiple upstreams.
Ray Soucy
rps at maine.edu
Tue Jun 14 17:52:47 UTC 2011
It's a security and operational issue.
The perception is that it's easier to monitor, manage, and filter one
address per host instead of 3. For most in the enterprise world it's
a non-starter to have that setup; even if that perception is a false
one.
Not sure I have the energy to re-hash the tired old NAT debate though. ;-)
On Tue, Jun 14, 2011 at 1:38 PM, <Valdis.Kletnieks at vt.edu> wrote:
> On Tue, 14 Jun 2011 13:04:11 EDT, Ray Soucy said:
>
>> A better solution; and the one I think that will be adopted in the
>> long term as soon as vendors come into the fold, is to swap out
>> RFC1918 with ULA addressing, and swap out PAT with NPT; then use
>> policy routing to handle load balancing and failover the way most
>> "dual WAN" multifunction firewalls do today.
>>
>> Example:
>>
>> Each provider provides a 48-bit prefix;
>>
>> Internally you use a ULA prefix; and setup prefix translation so that
>> the prefix gets swapped appropriately for each uplink interface. This
>> provides the benefits of "NAT" used today; without the drawback of
>> having to do funky port rewriting and restricting incoming traffic to
>> mapped assignments or UPnP.
>
> Why do people insist on creating solutions where each host has exactly one IPv6
> address, instead of letting each host have *three* (in this case) - a ULA and
> two provider-prefixed addresses?
>
--
Ray Soucy
Epic Communications Specialist
Phone: +1 (207) 561-3526
Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/
More information about the NANOG
mailing list