On 2009-04-10 09:53, james woodyatt wrote: ... > Actually, a PI prefix doesn't make the problem go away. Apple has a PI > prefix now: 2620:0:1b00::/45, and our IS&T managers are *still* planning > to deploy IPv6/NAT boxes to facilitate separation of traffic for > public-facing services and B2B extranet services.
Sigh. It defeats me why people believe this will create less admin work and less likelihood of errors than a set of ACLs in the border routers. > > Furthermore, now is probably a good time to note what my IS&T contact > told me about NAT66's constraint of /48 for the maximum prefix length > for the NAT range: it's unacceptably short, and they're insisting that > vendors need to have an IPv6/NAT solution that operates with prefixes up > to /64 at minimum. I'm given to understand that official communications > to that effect have already been sent to several vendors, but I have not > seen them. I fully agree that /64 is needed. The IPv6 addressing architecture really leaves no choice on that. Brian _______________________________________________ nat66 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nat66
