IPv6 Dynamic Prefix Problems
Holger Zuleger
Holger.Zuleger at hznet.de
Wed Dec 16 15:56:56 CET 2015
On 16.12.2015 10:33, Johannes Weber wrote:
> 1) Many DNS changes for services behind the dyn prefix (not all devices
> are able to update DNS records)
For those of you having its own authoritative DNS server (which is
recommended anyway if you want to use DNSSEC), the following tool can
help to manager your DNS entries in case of network prefix change:
http://www.hznet.de/tools.html#gen6dns
It generates forward and reverse RR for all prefixes given on the
command line.
> 2) Security policies with DynDNS ranges (how to allow a dyn IPv6-range
> in other firewall policies?)
> 3) Routing inside IPv6 VPN tunnels (solved with OSPFv3, but maybe not
> optimal?)
> I am highly interested in others experience about dynamic prefixes. How
> do you solve these problems, e.g., when a company has several remote
> offices with dynamic prefixes?
The best is to avoid dynamic prefixes if it is not a single LAN home
network environment. Otherwise there are actually too many unresolved
issues.
So in your case ("company (with) several remote offices") I would
recommend have a look at LISP. It can help a lot to get a stable prefix.
The advantage against SixXS and the like is, that LISP can be used with
IPv6 transport too, and is able to send traffic to other LISP sites
directly, not via the LISP Proxy. LISP is an full mesh overlay network.
Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4160 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20151216/b0c8372d/attachment-0001.bin
More information about the ipv6-ops
mailing list