On Jun 14, 2011, at 10:52 AM, Ray Soucy wrote:

> It's a security and operational issue.
>
> The perception is that it's easier to monitor, manage, and filter one
> address per host instead of 3. For most in the enterprise world it's
> a non-starter to have that setup; even if that perception is a false
> one.
>

Yes... The key word there is perception. The question is whether it makes more sense to put effort into correcting mis-perceptions or to put the effort into providing workarounds which provide a sub-par networking experience to the end user.

IMNSHO, it is better to put effort into education. I'm surprised to find someone from a .EDU on the opposite side of that thought. One would normally expect them to favor the idea of education over hackery.

> Not sure I have the energy to re-hash the tired old NAT debate though. ;-)
>

That sound you hear is me breathing a sigh of relief. I will continue to do it as long as it remains necessary, but, I'm tired of it too.

Owen

> On Tue, Jun 14, 2011 at 1:38 PM, <valdis.kletni...@vt.edu> wrote:
>> On Tue, 14 Jun 2011 13:04:11 EDT, Ray Soucy said:
>>
>>> A better solution; and the one I think that will be adopted in the
>>> long term as soon as vendors come into the fold, is to swap out
>>> RFC1918 with ULA addressing, and swap out PAT with NPT; then use
>>> policy routing to handle load balancing and failover the way most
>>> "dual WAN" multifunction firewalls do today.
>>>
>>> Example:
>>>
>>> Each provider provides a 48-bit prefix;
>>>
>>> Internally you use a ULA prefix; and setup prefix translation so that
>>> the prefix gets swapped appropriately for each uplink interface. This
>>> provides the benefits of "NAT" used today; without the drawback of
>>> having to do funky port rewriting and restricting incoming traffic to
>>> mapped assignments or UPnP.
>>
>> Why do people insist on creating solutions where each host has exactly one
>> IPv6 address, instead of letting each host have *three* (in this case) - a
>> ULA and two provider-prefixed addresses?
>>
>
>
>
> --
> Ray Soucy
>
> Epic Communications Specialist
>
> Phone: +1 (207) 561-3526
>
> Networkmaine, a Unit of the University of Maine System
> http://www.networkmaine.net/
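
The prefix swap described in the quoted proposal, as an added example that is not part of the original thread: a Python sketch of stateless, checksum-neutral /48 translation, assuming "NPT" here means NPTv6 as specified in RFC 6296. The prefixes, the uplink names and the `to_internal` helper are constructed for illustration; the helper shows how an address seen on either uplink maps back to the single internal ULA address for log correlation and filtering.

```python
import ipaddress

# Constructed sample prefixes: one internal ULA /48 and one /48 per provider.
ULA = "fd01:203:405::/48"
UPLINKS = {"isp-a": "2001:db8:1::/48", "isp-b": "2001:db8:2::/48"}

def _oc_add(a, b):
    """16-bit ones'-complement addition (end-around carry)."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)

def _prefix_sum(net):
    """Ones'-complement sum of the three 16-bit words of a /48 prefix."""
    p = int(net.network_address) >> 80
    return _oc_add(_oc_add(p >> 32, (p >> 16) & 0xFFFF), p & 0xFFFF)

def translate(addr, src, dst):
    """Rewrite addr from prefix src to prefix dst, keeping the L4 checksum valid."""
    addr = ipaddress.IPv6Address(addr)
    src, dst = ipaddress.IPv6Network(src), ipaddress.IPv6Network(dst)
    if src.prefixlen != 48 or dst.prefixlen != 48:
        raise ValueError("this sketch handles /48 prefixes only")
    if addr not in src:
        raise ValueError(f"{addr} is not inside {src}")
    # The change in the prefix words is compensated in the subnet word
    # (bits 48-63), so no port or checksum rewriting is needed.
    adjust = _oc_add(_prefix_sum(src), ~_prefix_sum(dst) & 0xFFFF)
    a = int(addr)
    subnet = _oc_add((a >> 64) & 0xFFFF, adjust)
    if subnet == 0xFFFF:          # 0xFFFF is represented as 0x0000
        subnet = 0
    low64 = a & ((1 << 64) - 1)   # interface identifier is left untouched
    return ipaddress.IPv6Address(int(dst.network_address) | (subnet << 64) | low64)

def to_internal(external):
    """Map an address seen on any uplink back to (uplink name, ULA address)."""
    ext = ipaddress.IPv6Address(external)
    for name, prefix in UPLINKS.items():
        if ext in ipaddress.IPv6Network(prefix):
            return name, translate(ext, prefix, ULA)
    raise LookupError(f"{ext} does not belong to a known uplink prefix")

if __name__ == "__main__":
    host = "fd01:203:405:1::1234"
    for name, prefix in UPLINKS.items():
        print(name, translate(host, ULA, prefix))
    print(to_internal("2001:db8:2:d54f::1234"))
```

Because the mapping is stateless and one-to-one, the same function run in the reverse direction recovers the internal address without any connection table.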