multiple prefixes
Brian E Carpenter
brian.e.carpenter at gmail.com
Wed Feb 13 09:09:17 CET 2013
On 12/02/2013 14:08, Seth Mos wrote:
> On 12-2-2013 14:38, Brian E Carpenter wrote:
>> On 12/02/2013 12:46, Seth Mos wrote:
>>> On 12-2-2013 13:18, Tore Anderson wrote:
>>>> * Doug Barton
>>>>
>>>>> NPTv6 for free,
>>>> Free, really?
>>>>
>>>> Which vendor gives away free NPTv6 translators?
>>> Since you likely need(want?) a firewall when implementing NPtv6 you can
>>> probably just turn it on your platform.
>>>
>>> In the Open Source firewall pfSense version 2.1 it comes standard with
>>> the other IPv6 support.
>> Which ALGs are included?
>
> None.
>
> Was that a requirement of sorts? For a lot of client or server initiated
> traffic, it works very similar to what we are used to.
Yes, but surely enterprises will expect (I hate to write this) feature-equivalence
with NAPT44? Doesn't that mean you need a minimum set of ALGs?
> With a few of the drawbacks ofcourse. I am not saying that SIP will just
> work.
I'm sure it won't, although for a protocol designed long after NAT became
prevalent, SIP is remarkably resistant to reality, so my sympathy is
limited.
Brian
> The recommended strategy in this case is picking 1 GUA prefix as the
> "master" prefix, and setup the other one with NPtv6. This to reduce the
> impact of translation. For outbound load balancing of port 80 traffic it
> just happens to work.
>
> Use policy based routing for the rest, the same issues with regards to
> outbound SMTP filtering and DNS per ISP are still just as valid.
>
> Regards,
>
> Seth
>
More information about the ipv6-ops
mailing list