You could still use 4 for private networks that aren't going to connect out to somewhere, but that likely doesn't solve your problem.
Your example is probably why people aren't rushing to adopt - lots of people NAT and doing away with that requires a lot of network design work.

Sent from my iPhone

On Jan 12, 2011, at 7:27 AM, "Matthias Saou" <th...@spam.spam.spam.spam.spam.spam.spam.egg.and.spam.freshrpms.net> wrote:

> Hi,
>
> Every once in a while, someone important comes up with a scary story
> about IPv4 space exhaustion. So far so good, raising awareness about
> this issue is positive.
>
> Then people get all hyped up about IPv6. Cool, lots of techies and
> geeks like me love toying with new things, and IPv6 is not too hard to
> understand nor implement.
>
> But then everyone realizes that IPv6 will only be really useful once
> everyone has it and everyone is reachable from any IPv6-only connected
> host. This leads to two possible behaviors :
>
> * One just thinks "I'll look at IPv6 once everyone else already has,
>   since there is no point in doing it sooner."
> * Or one thinks "I'll implement new IPv6 networks on top of our
>   existing IPv4 networks, get it all dual-stacked, and hopefully
>   contribute to bootstrapping the whole IPv6 adoption."
>
> I'm from that second group. I've learned what I need to know about
> IPv6 and did quite a bit of testing. But I've never managed to get IPv6
> into production on any of the infrastructures I manage.
>
> Why? ip6tables doesn't support NAT. It's that simple.
>
> I know the reasons for the lack of NAT support, which are given over and
> over again. But here is my real world issue with them :
> All of the networks I manage have at least one or more points where
> multiple hosts are connected with a single network interface to a
> network which is not routed to the outside, but translated instead.
> Some other hosts have two interfaces and are connected to both this
> private/internal network and to another where they have routable IPv4
> addresses.
>
> Given the above :
> * It would be trivial to define a 1:1 mapping between existing IPv4
>   networks and new IPv6 networks (both routable and private) *IF* I
>   could just copy and slightly adapt all iptables rules to ip6tables
>   rules.
> * It is *NOT* trivial to rethink the entire network topology in order
>   to have all hosts with IPv6 and no NAT at all : IPv6 routing is
>   needed where no IPv4 routing was present (only translation), and
>   existing hosts which were previously unreachable from the Internet
>   would become reachable by default through IPv6, creating new
>   annoyances such as ssh hammering, requiring inbound filtering where
>   none was previously needed.
>
> My personal conclusion is that while netfilter developers have a point
> in not wanting to implement NAT for IPv6 in order to get a cleaner and
> more routable Internet, sys/netadmins like me relying heavily on
> GNU/Linux would have deployed IPv6 already if easy 1:1 scenarios for
> typical infrastructures were available.
>
> I'd be curious to know what others think of this, read experiences, from
> the Enterprise side. Did you already deploy IPv6 on existing RHEL-based
> infrastructures? Onto new infrastructures? How do you deal with
> existing IPv4 NAT situations?
>
> Matthias
>
> --
> Clean custom Red Hat Linux rpm packages : http://freshrpms.net/
> Fedora release 14 (Laughlin) - Linux kernel 2.6.35.10-72.fc14.x86_64
> Load : 0.00 0.04 0.13
>
> _______________________________________________
> rhelv6-list mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/rhelv6-list
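The 1:1 rule copy discussed in the quoted message, as an added sketch that is not part of the thread and not code from netfilter or Red Hat: filter rules are rewritten through a prefix map, and each source-NAT rule, which has no ip6tables equivalent here, is reported and replaced by the stateful inbound filter that NAT used to provide as a side effect. The prefix plan, the sample ruleset and the names `PREFIX_MAP`, `map_addr` and `translate` are assumptions made for the example.

```python
import ipaddress
import shlex

# Constructed 1:1 addressing plan (assumption): one IPv6 /64 per IPv4 network.
PREFIX_MAP = {
    ipaddress.ip_network("192.168.10.0/24"): ipaddress.ip_network("fd00:0:0:10::/64"),
    ipaddress.ip_network("203.0.113.0/24"): ipaddress.ip_network("2001:db8:0:113::/64"),
}

# Constructed iptables-save excerpt used as sample input.
SAMPLE = """\
*nat
-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
-A INPUT -s 192.168.10.0/24 -p tcp --dport 22 -j ACCEPT
-A FORWARD -d 203.0.113.25 -p tcp --dport 443 -j ACCEPT
COMMIT
"""

def map_addr(token):
    """Map an IPv4 network or single host to its IPv6 counterpart under PREFIX_MAP."""
    net = ipaddress.ip_network(token, strict=False)
    for v4, v6 in PREFIX_MAP.items():
        if net == v4:
            return str(v6)
        if net.prefixlen == 32 and net.subnet_of(v4):  # host: keep its offset in the /64
            return f"{v6.network_address + (int(net[0]) - int(v4[0]))}/128"
    raise ValueError(f"no IPv6 mapping for {token}")

def translate(save_text):
    """Return (ip6tables filter rules, nat-table rules that could not be carried over)."""
    table, v6_rules, nat_rules = None, [], []
    for line in save_text.splitlines():
        table = line[1:] if line.startswith("*") else table
        if not line.startswith("-A "):
            continue
        tok = shlex.split(line)
        if table == "nat":
            nat_rules.append(line)
            if "-s" in tok and "-o" in tok:  # source NAT hid this network: filter instead
                net, wan = map_addr(tok[tok.index("-s") + 1]), tok[tok.index("-o") + 1]
                v6_rules += [f"-A FORWARD -i {wan} -d {net} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
                             f"-A FORWARD -i {wan} -d {net} -j DROP"]
            continue
        for i, t in enumerate(tok[:-1]):
            if t in ("-s", "-d"):
                tok[i + 1] = map_addr(tok[i + 1])
        v6_rules.append(" ".join(tok))
    return v6_rules, nat_rules
```

The output is a review aid: the generated ACCEPT/DROP pair reproduces only the "unreachable from outside" property of the masqueraded network, and ICMP rules, port forwards and partial subnets still need manual attention.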
