Hi,

Every once in a while, someone important comes up with a scary story about IPv4 space exhaustion. So far so good, raising awareness about this issue is positive.

Then people get all hyped up about IPv6. Cool, lots of techies and geeks like me love toying with new things, and IPv6 is not too hard to understand or implement. But then everyone realizes that IPv6 will only be really useful once everyone has it and everyone is reachable from any IPv6-only connected host. This leads to two possible behaviors:

* One just thinks "I'll look at IPv6 once everyone else already has, since there is no point in doing it sooner."
* Or one thinks "I'll implement new IPv6 networks on top of our existing IPv4 networks, get it all dual-stacked, and hopefully contribute to bootstrapping the whole IPv6 adoption."

I'm from that second group. I've learned what I need to know about IPv6 and did quite a bit of testing. But I've never managed to get IPv6 into production on any of the infrastructures I manage. Why? ip6tables doesn't support NAT. It's that simple.

I know the reasons for the lack of NAT support, which are given over and over again. But here is my real world issue with them:

All of the networks I manage have at least one or more points where multiple hosts are connected with a single network interface to a network which is not routed to the outside, but translated instead. Some other hosts have two interfaces and are connected to both this private/internal network and to another where they have routable IPv4 addresses.

Given the above:

* It would be trivial to define a 1:1 mapping between existing IPv4 networks and new IPv6 networks (both routable and private) *IF* I could just copy and slightly adapt all iptables rules to ip6tables rules.
* It is *NOT* trivial to rethink the entire network topology in order to have all hosts with IPv6 and no NAT at all: IPv6 routing is needed where no IPv4 routing was present (only translation), and existing hosts which were previously unreachable from the Internet would become reachable by default through IPv6, creating new annoyances such as ssh hammering, requiring inbound filtering where none was previously needed.

My personal conclusion is that while netfilter developers have a point in not wanting to implement NAT for IPv6 in order to get a cleaner and more routable Internet, sys/netadmins like me relying heavily on GNU/Linux would have deployed IPv6 already if easy 1:1 scenarios for typical infrastructures were available.

I'd be curious to know what others think of this, read experiences, from the Enterprise side. Did you already deploy IPv6 on existing RHEL-based infrastructures? Onto new infrastructures? How do you deal with existing IPv4 NAT situations?

Matthias

--
Clean custom Red Hat Linux rpm packages : http://freshrpms.net/
Fedora release 14 (Laughlin) - Linux kernel 2.6.35.10-72.fc14.x86_64
Load : 0.00 0.04 0.13

_______________________________________________
rhelv6-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv6-list
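
The inbound filtering the message refers to can be written as a stateful FORWARD policy on the router. The sketch below is an added example, not part of the original post: it prints an ip6tables-restore ruleset and audits a ruleset for rules that would let unsolicited connections in. The interface names `eth0` (outside) and `eth1` (inside) and both function names are assumptions.

```shell
# Added example. eth0 = outside, eth1 = inside are placeholder names.

# Print an ip6tables-restore ruleset: inside hosts keep routable IPv6
# addresses but the router forwards no unsolicited inbound connections.
gen_v6_rules() {
    wan_if=$1
    lan_if=$2
    cat <<EOF
*filter
# The router's own INPUT/OUTPUT policy is out of scope for this example.
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections that inside hosts opened
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections may only start on the inside interface
-A FORWARD -i ${lan_if} -o ${wan_if} -m state --state NEW -j ACCEPT
# IPv6 routers never fragment, so path MTU discovery must get through
-A FORWARD -p ipv6-icmp --icmpv6-type packet-too-big -j ACCEPT
COMMIT
EOF
}

# Audit a ruleset (ip6tables-save format) on stdin. Returns 0 only if
# FORWARD defaults to DROP and no ACCEPT rule can match a NEW connection
# arriving on the outside interface. ICMPv6 rules are not judged here.
audit_v6_rules() {
    awk -v wan="$1" '
        /^:FORWARD DROP/ { drop = 1 }
        /^-A FORWARD/ && / -j ACCEPT/ {
            if ($0 ~ / -p ipv6-icmp /) next
            inside_only = ($0 ~ / -i / && $0 !~ (" -i " wan " "))
            stateless   = ($0 !~ /--(ct)?state /)
            allows_new  = ($0 ~ /--(ct)?state [A-Z,]*NEW/)
            if (!inside_only && (stateless || allows_new)) bad = 1
        }
        END { exit !(drop && !bad) }
    '
}
```

Running `gen_v6_rules eth0 eth1 | ip6tables-restore` as root would load the policy; `ip6tables-save | audit_v6_rules eth0` checks a live ruleset the same way.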
