It's a security and operational issue. The perception is that it's easier to monitor, manage, and filter one address per host instead of 3. For most in the enterprise world it's a non-starter to have that setup, even if that perception is a false one. Not sure I have the energy to re-hash the tired old NAT debate though. ;-)

On Tue, Jun 14, 2011 at 1:38 PM, <Valdis.Kletnieks@vt.edu> wrote:
> On Tue, 14 Jun 2011 13:04:11 EDT, Ray Soucy said:
>
> > A better solution, and the one I think will be adopted in the long term as soon as vendors come into the fold, is to swap out RFC1918 with ULA addressing, and swap out PAT with NPT; then use policy routing to handle load balancing and failover the way most "dual WAN" multifunction firewalls do today.
> >
> > Example:
> >
> > Each provider provides a 48-bit prefix;
> > Internally you use a ULA prefix, and set up prefix translation so that the prefix gets swapped appropriately for each uplink interface. This provides the benefits of "NAT" used today, without the drawback of having to do funky port rewriting and restricting incoming traffic to mapped assignments or UPnP.
>
> Why do people insist on creating solutions where each host has exactly one IPv6 address, instead of letting each host have *three* (in this case) - a ULA and two provider-prefixed addresses?
-- Ray Soucy Epic Communications Specialist Phone: +1 (207) 561-3526 Networkmaine, a Unit of the University of Maine System http://www.networkmaine.net/
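The prefix swap described in the quoted proposal (one internal ULA /48, one provider /48 per uplink, stateless NPT rather than port-rewriting NAT) is specified in RFC 6296 (NPTv6). The script below is an added illustration written for this page, not code from Ray, Valdis, or any vendor product. It implements the /48-to-/48 case of RFC 6296 section 3.1: the prefix is replaced and a fixed one's complement "adjustment" is folded into the subnet ID word so that the one's complement sum of the address, and therefore every TCP/UDP/ICMPv6 checksum that covers it, is unchanged; the 0xFFFF-in-subnet-ID corner case is handled the way the RFC requires. The ULA fd3b:1a2c:5e00::/48, the two provider prefixes under 2001:db8::/32, and the uplink names are constructed sample values.

```python
"""NPTv6 (RFC 6296) prefix translation for a ULA /48 behind two uplinks.

Added worked example, not code from the original thread.  Prefixes and
uplink names are constructed for illustration.
"""
import ipaddress


def ones_complement_sum(words):
    """One's complement sum of 16-bit words with end-around carry (RFC 1071)."""
    total = sum(words)
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ones_complement_negate(word):
    """Additive inverse in one's complement arithmetic is the bitwise NOT."""
    return (~word) & 0xFFFF


def addr_words(addr):
    """Split an IPv6 address into its eight 16-bit words."""
    packed = ipaddress.IPv6Address(addr).packed
    return [int.from_bytes(packed[i:i + 2], "big") for i in range(0, 16, 2)]


def address_checksum(addr):
    """One's complement sum of the whole address; 0xFFFF and 0 both mean zero."""
    s = ones_complement_sum(addr_words(addr))
    return 0 if s == 0xFFFF else s


class NPTv6:
    """Stateless /48 <-> /48 translator per RFC 6296 section 3.1."""

    def __init__(self, internal_prefix, external_prefix):
        self.internal = ipaddress.IPv6Network(internal_prefix)
        self.external = ipaddress.IPv6Network(external_prefix)
        if self.internal.prefixlen != 48 or self.external.prefixlen != 48:
            raise ValueError("this example implements the /48 case only")
        int_words = addr_words(self.internal.network_address)[:3]
        ext_words = addr_words(self.external.network_address)[:3]
        # adjustment = internal - external, computed once per configuration
        self.adjustment = ones_complement_sum(
            int_words + [ones_complement_negate(w) for w in ext_words])

    def _translate(self, addr, from_net, to_net, adjustment):
        addr = ipaddress.IPv6Address(addr)
        if addr not in from_net:
            raise ValueError(f"{addr} is not inside {from_net}")
        words = addr_words(addr)
        words[:3] = addr_words(to_net.network_address)[:3]
        # Word 3 (bits 48..63, the subnet ID) absorbs the adjustment so the
        # one's complement sum of the address stays the same.  A result of
        # 0xFFFF is written as 0x0000 (both are "zero" in one's complement).
        new = ones_complement_sum([words[3], adjustment])
        words[3] = 0 if new == 0xFFFF else new
        return ipaddress.IPv6Address(b"".join(w.to_bytes(2, "big") for w in words))

    def outbound(self, addr):
        """ULA source address -> provider-prefixed address for this uplink."""
        return self._translate(addr, self.internal, self.external, self.adjustment)

    def inbound(self, addr):
        """Provider-prefixed destination -> ULA address (subtracts adjustment)."""
        return self._translate(addr, self.external, self.internal,
                               ones_complement_negate(self.adjustment))


# Constructed configuration: one ULA inside, one /48 per provider outside.
INTERNAL_ULA = "fd3b:1a2c:5e00::/48"
PROVIDERS = {
    "isp-a": NPTv6(INTERNAL_ULA, "2001:db8:1::/48"),
    "isp-b": NPTv6(INTERNAL_ULA, "2001:db8:2::/48"),
}


def egress(src_addr, uplink):
    """Rewrite a ULA source for whichever uplink policy routing selected."""
    return PROVIDERS[uplink].outbound(src_addr)


if __name__ == "__main__":
    host = "fd3b:1a2c:5e00:10::53"
    for name in PROVIDERS:
        out = egress(host, name)
        back = PROVIDERS[name].inbound(out)
        print(f"{name}: {host} -> {out} -> {back}  "
              f"checksum-neutral={address_checksum(host) == address_checksum(out)}")
```

Because the mapping is a pure function of the address and the configured prefixes, no per-flow table is needed: a reply arriving on either uplink is mapped back to the same ULA address, which is what lets failover work without the state-synchronisation problems of port-rewriting NAT. The cost is that the subnet ID changes on the wire (here 0x10 becomes 0x47be on isp-a), so anything that matches on subnet IDs outside the edge must use the translated values.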