Also if you're even thinking about using NAT for IPv6, you're doing it wrong and are still thinking of NAT as a useful mechanism which suggests you're not looking at IPv6 with a completely fresh mindset. Yes there are v4/v6 similarities, but they are few and far between. Any problems caused by a missing feature in v6 are because that feature in v4 is BAD.<div>
<br></div><div>For example, people use NAT as a security mechanism. This is bad, because it's not. NAPT even violates the OSI model.</div><div><br></div><div>If you want services to only be accessible privately, assign both private and public address and use your host and edge firewalls and listen parameters on the service so that only connections from the local subnets are allowed.</div>
<div><br></div><div>IPv6 specifies that all hosts generate a non-routeable link-local address anyway. This makes perfect sense, as it brings ip-related layer 2 services u to layer 3, making them link-type independent. One such example is DHCPv6.</div>
<div><br></div><div>There are also specifications for non-externally-routeable site-local addresses, which are only routeable within the LAN but can span multiple subnets. That's larger deployments taken care of.</div>
<div><br></div><div>The thing to remember is that IPv6 is designed for each host to have multiple addresses, meaning you can have a link-local, site-local and globally routeable IP address per host which can each be secured independently. Manage it all correctly and there are no problems. A subnet change should just mean that you need to update DNS records for your external services and edge routers with the new subnet mask.</div>
<div><br></div><div>Just my 2 cents.<br><br><div class="gmail_quote">On 27 December 2012 14:25, Andrew Cassidy <span dir="ltr"><<a href="mailto:andrew@cassidywebservices.co.uk" target="_blank">andrew@cassidywebservices.co.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">if my subnet changes i only need to change ONE setting on my entire network. <div class="HOEnZb"><div class="h5"><br><br>
<div class="gmail_quote">On 25 December 2012 07:35, Mimiko <span dir="ltr"><<a href="mailto:vbvbrj@gmail.com" target="_blank">vbvbrj@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>On 25.12.2012 02:14, Scott wrote:<br>
<br>
> Anyone with medium to large addressable end-points in their<br>
> installations really needs to look at implementing IPv6 WITH -- repeat<br>
> WITH -- IPv6-NAT (and/or NAT64) in the mix.<br>
><br>
</div>I will use this when moving to ipv6. At my company we have two internet<br>
and voip providers for fault tolerance and load balacing. Also for using<br>
lowest cost per call. The plans are to have third internet and voip<br>
provider.<br>
<br>
So using internal ipv6 for addressing and dynamically mapping to those,<br>
provided by internet providers, is the only way to work.<br>
<span><font color="#888888"><br>
--<br>
Mimiko desu.<br>
</font></span><div><div><br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div></div></div><div class="HOEnZb"><div class="h5">-- <br><b>Andrew Cassidy BSc (Hons) MBCS SSCA</b><div>Managing Director<div><div><img src="http://c1170247.r47.cf3.rackcdn.com/emailsig.png"><br>
</div><div>
<br><div><b style="color:rgb(51,135,171);text-decoration:none;font-family:sans-serif"><a href="mailto:info@cassidywebservices.co.uk" style="color:rgb(51,135,171);text-decoration:none;font-family:sans-serif" target="_blank">T</a> </b><a href="tel:03300%20100%20960" value="+443300100960" target="_blank">03300 100 960</a>
<b style="color:rgb(51,135,171);text-decoration:none;font-family:sans-serif"><a href="mailto:info@cassidywebservices.co.uk" style="color:rgb(51,135,171);text-decoration:none;font-family:sans-serif" target="_blank">F</a> </b><a href="tel:03300%20100%20961" value="+443300100961" target="_blank">03300 100 961</a></div>
<div><b style="text-decoration:none;font-family:sans-serif"><a href="mailto:info@cassidywebservices.co.uk" style="color:rgb(51,135,171);text-decoration:none;font-family:sans-serif" target="_blank">E</a> </b><a href="mailto:andrew@cassidywebservices.co.uk" target="_blank">andrew@cassidywebservices.co.uk</a></div>
<div><b style="text-decoration:none;font-family:sans-serif"><a href="mailto:info@cassidywebservices.co.uk" style="color:rgb(51,135,171);text-decoration:none;font-family:sans-serif" target="_blank">W</a> </b><a href="http://www.cassidywebservices.co.uk" target="_blank">www.cassidywebservices.co.uk</a></div>
</div></div></div>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><b>Andrew Cassidy BSc (Hons) MBCS SSCA</b><div>Managing Director<div><div><img src="http://c1170247.r47.cf3.rackcdn.com/emailsig.png"><br></div><div>
<br><div><b style="color:rgb(51,135,171);text-decoration:none;font-family:sans-serif"><a href="mailto:info@cassidywebservices.co.uk" style="color:rgb(51,135,171);text-decoration:none;font-family:sans-serif" target="_blank">T</a> </b>03300 100 960
<b style="color:rgb(51,135,171);text-decoration:none;font-family:sans-serif"><a href="mailto:info@cassidywebservices.co.uk" style="color:rgb(51,135,171);text-decoration:none;font-family:sans-serif" target="_blank">F</a> </b>03300 100 961</div>
<div><b style="text-decoration:none;font-family:sans-serif"><a href="mailto:info@cassidywebservices.co.uk" style="color:rgb(51,135,171);text-decoration:none;font-family:sans-serif" target="_blank">E</a> </b><a href="mailto:andrew@cassidywebservices.co.uk" target="_blank">andrew@cassidywebservices.co.uk</a></div>
<div><b style="text-decoration:none;font-family:sans-serif"><a href="mailto:info@cassidywebservices.co.uk" style="color:rgb(51,135,171);text-decoration:none;font-family:sans-serif" target="_blank">W</a> </b><a href="http://www.cassidywebservices.co.uk" target="_blank">www.cassidywebservices.co.uk</a></div>
</div></div></div>
</div>