> I suspect that the model of "ULA on the inside network and 6296 at the > border" is going to be a very common scenario for people who want to > avoid "the pain of renumbering," or who still mistakenly believe that > NAT is a security tool. In any case, that method will work essentially > the same way that your 1:1 NAT for IPv4 is working for you now.
Much more interesting I think is ULA + global prefix on the same link. When all "internal-only" services have ULAs in DNS then internal communication remains via stable ULA addressing. External communication can be via the global prefix addresses, and as long as these aren't in internal DNS then renumbering is less of a problem than it otherwise would be. _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
