Re: [GLOBAL-V6] IPV4 to IPv6 migration

To: sapumal jayatissa <sjayatissa@hotmail.com>
Subject: Re: [GLOBAL-V6] IPV4 to IPv6 migration
From: Jeroen Massar <jeroen@unfix.org>
Date: Sun, 01 Jun 2008 10:36:43 +0200
Cc: global-v6@lists.apnic.net
Delivered-to: global-v6@clove.apnic.net
In-reply-to: <BLU108-W601D416B01C71DC5B6A67ED3B80@phx.gbl>
List-archive: <http://mailman.apnic.net/mailing-lists/global-v6>
List-help: <mailto:global-v6-request@lists.apnic.net?subject=help>
List-id: Discussion of new global IPv6 policy development <global-v6.lists.apnic.net>
List-post: <mailto:global-v6@lists.apnic.net>
List-subscribe: <http://mailman.apnic.net/mailman/listinfo/global-v6>, <mailto:global-v6-request@lists.apnic.net?subject=subscribe>
List-unsubscribe: <http://mailman.apnic.net/mailman/listinfo/global-v6>, <mailto:global-v6-request@lists.apnic.net?subject=unsubscribe>
Openpgp: id=333E7C23
Organization: Unfix
References: <BLU108-W601D416B01C71DC5B6A67ED3B80@phx.gbl>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080421 Lightning/0.8 Thunderbird/2.0.0.14 Mnenhy/0.7.5.666

sapumal jayatissa wrote:

Hi,
In migration to IPv6 in large scale organization, can we use privateIPv6 addresses ?

You could, but it is most likely much better to avoid any use of'private' (I do hope you mean ULA here) addresses.

Or do we need to use Global addresses for all the nodes which may neveraccess Internet ?


Using Global Addresses is generally the smarter thing to do:

 a) one will have plenty of addresses anyway
 b) one day, a device will have to talk to the public Internet

Especially because of b) and because of things like Path MTU, you willrequire a public address in most places.

Can we use proxy servers with IPv6 ?

If you want, of course. But, it does break the end-end idea and when youare proxying you can also stick to IPv4 and just upgrade the proxy to doIPv6.

If we NAT, then we have to NAT in between global routable to globalroutable,
only to hide the real IP address, Is this o.k ?


You *NEVER EVER EVER EVER* NAT in IPv6.

Please read RFC4864 ("Local Network Protection for IPv6") for a lot moreinformation about this and how to solve the problems you might have.

If you even are going to remotely think of using NAT, just stick withIPv4 as that works fine for you and you don't have to upgrade anything.

If you really want to 'hide' real IP addresses there is one solutionthat you should be using: don't connect to the Internet, but allowpeople to only to use a proxy to use services on the Internet. You arethen of course not talking about Internet connectivity anymore.

Do note that due the use of RFC3041 ("Privacy Extensions for StatelessAddress Autoconfiguration in IPv6") addresses will change rapidlyanyway, thus it will be quite difficult for hosts outside to determinehow many people/addresses/hosts are inside. Unfortunately for you thoughthe concept of 'cookies' will break this where webservers will have alot of other means of tracking people&hosts.


Greets,
 Jeroen

Attachment: signature.asc
Description: OpenPGP digital signature

Follow-Ups:
- Re: [GLOBAL-V6] IPV4 to IPv6 migration
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>

References:
- [GLOBAL-V6] IPV4 to IPv6 migration
  - From: sapumal jayatissa <sjayatissa@hotmail.com>

Prev by Date: [GLOBAL-V6] IPV4 to IPv6 migration
Next by Date: Re: [GLOBAL-V6] IPV4 to IPv6 migration
Previous by thread: [GLOBAL-V6] IPV4 to IPv6 migration
Next by thread: Re: [GLOBAL-V6] IPV4 to IPv6 migration
Index(es):
- Date
- Thread