Re: [GLOBAL-V6] IPV4 to IPv6 migration
- To: sapumal jayatissa <sjayatissa at hotmail dot com>
- Subject: Re: [GLOBAL-V6] IPV4 to IPv6 migration
- From: Jeroen Massar <jeroen at unfix dot org>
- Date: Sun, 01 Jun 2008 10:36:43 +0200
- Cc: global-v6 at lists dot apnic dot net
- Delivered-to: global-v6 at mailman dot apnic dot net
- In-reply-to: <BLU108-W601D416B01C71DC5B6A67ED3B80 at phx dot gbl>
- List-archive: <http://mailman.apnic.net/mailing-lists/global-v6>
- List-help: <mailto:firstname.lastname@example.org?subject=help>
- List-id: Discussion of new global IPv6 policy development <global-v6.lists.apnic.net>
- List-post: <mailto:email@example.com>
- List-subscribe: <http://mailman.apnic.net/mailman/listinfo/global-v6>, <mailto:firstname.lastname@example.org?subject=subscribe>
- List-unsubscribe: <http://mailman.apnic.net/mailman/listinfo/global-v6>, <mailto:email@example.com?subject=unsubscribe>
- Openpgp: id=333E7C23
- Organization: Unfix
- References: <BLU108-W601D416B01C71DC5B6A67ED3B80@phx.gbl>
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:18.104.22.168) Gecko/20080421 Lightning/0.8 Thunderbird/22.214.171.124 Mnenhy/0.7.5.666
sapumal jayatissa wrote:
Hi,In migration to IPv6 in large scale organization, can we use private IPv6 addresses ?
You could, but it is most likely much better to avoid any use of 'private' (I do hope you mean ULA here) addresses.
Or do we need to use Global addresses for all the nodes which may never access Internet ?
Using Global Addresses is generally the smarter thing to do: a) one will have plenty of addresses anyway b) one day, a device will have to talk to the public InternetEspecially because of b) and because of things like Path MTU, you will require a public address in most places.
Can we use proxy servers with IPv6 ?
If you want, of course. But, it does break the end-end idea and when you are proxying you can also stick to IPv4 and just upgrade the proxy to do IPv6.
If we NAT, then we have to NAT in between global routable to global routable,only to hide the real IP address, Is this o.k ?
You *NEVER EVER EVER EVER* NAT in IPv6.Please read RFC4864 ("Local Network Protection for IPv6") for a lot more information about this and how to solve the problems you might have.
If you even are going to remotely think of using NAT, just stick with IPv4 as that works fine for you and you don't have to upgrade anything.
If you really want to 'hide' real IP addresses there is one solution that you should be using: don't connect to the Internet, but allow people to only to use a proxy to use services on the Internet. You are then of course not talking about Internet connectivity anymore.
Do note that due the use of RFC3041 ("Privacy Extensions for Stateless Address Autoconfiguration in IPv6") addresses will change rapidly anyway, thus it will be quite difficult for hosts outside to determine how many people/addresses/hosts are inside. Unfortunately for you though the concept of 'cookies' will break this where webservers will have a lot of other means of tracking people&hosts.
Description: OpenPGP digital signature