We are designing a new hosted Exchange environment as well as a Multi-Tenant 
Desktop as a Service environment, and we are going to use IPv6 public addresses.

Cheers
Ryan


-----Original Message-----
From: James Harr [mailto:james.h...@gmail.com] 
Sent: Wednesday, July 13, 2011 11:22 AM
To: Joel Maslak
Cc: nanog@nanog.org
Subject: Re: best practices for management nets in IPv6

I couldn't agree more. If you set up private address space, it's going to come 
back and make more work for you later. Set up public IPv6 addresses. If you 
need stateful connection filtering, put in a stateful firewall.

If you really really need address obfuscation, you can still do NAT, but NAT 
from public addresses to a public address or pool of public addresses. 
If you ever need to turn off NAT, it's a lot easier than renumbering hundreds 
of machines and you always have the option of disabling it per-host instead of 
doing an all-or-nothing transition.

On Tue, Jul 12, 2011 at 7:32 PM, Joel Maslak <jmas...@antelope.net> wrote:
> Public IPs.
>
> At some point you will have to manage something outside your current world or 
> your organization will need to merge/partner/outsource/contract/etc with 
> someone else's network and they might not be keen to route to your ULA space 
> (and might not be more trustworthy than the internet at large anyhow).  Think 
> about things like VPN endpoints, video devices, telephones, etc, that may end 
> up on a public network, maybe behind a device you manage.  You may just 
> manage routers today, but who knows about tomorrow.  Put behind a firewall 
> and use good ingress filtering throughout your network, separating trust 
> zones with distinct subnets.
>
> If you are worried about forgetting to enable a firewall, put in a network 
> management system to verify connectivity stays blocked combined with a 
> monitored IDS.
>



--
^[:wq^M


_____
NANOG mailing list
NANOG@nanog.org
https://mailman.nanog.org/mailman/listinfo/nanog
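
The check Joel Maslak describes above (verifying that connectivity to management addresses stays blocked), as an added example that is not part of the original thread. It assumes it is run on a schedule from a host outside the management trust zone; the function names are hypothetical and the targets are constructed addresses in the 2001:db8::/32 documentation prefix.

```python
import ipaddress
import socket

# Constructed sample targets (documentation prefix, not real hosts):
# publicly addressed management interfaces that must stay unreachable
# from the vantage point this script runs on.
MGMT_TARGETS = [
    ("2001:db8:100::1", 22),    # router SSH
    ("2001:db8:100::2", 443),   # controller web UI
    ("2001:db8:200::10", 830),  # NETCONF over SSH
]

def tcp_probe(addr, port, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A reset came back: either the packet reached the host or the
        # firewall rejects instead of dropping. Worth a look either way.
        return "refused"
    except OSError:
        # Timeout, no route, or ICMPv6 unreachable: traffic did not get in.
        return "filtered"

def verify_blocked(targets, probe=tcp_probe):
    """Return (address, port, state) for every target that is not filtered."""
    findings = []
    for addr, port in targets:
        ip = ipaddress.ip_address(addr)  # raises ValueError on a typo
        if ip.version != 6:
            raise ValueError(f"{addr} is not an IPv6 address")
        state = probe(str(ip), port)
        if state != "filtered":
            findings.append((str(ip), port, state))
    return findings

if __name__ == "__main__":
    problems = verify_blocked(MGMT_TARGETS)
    for addr, port, state in problems:
        print(f"ALERT [{addr}]:{port} is {state} from outside the trust zone")
    # Non-zero exit lets cron or a monitoring system raise the alarm.
    raise SystemExit(1 if problems else 0)
```
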
