[rhelv6-list] IPv6 adoption with RHEL6 (and GNU/Linux in general)

Marti, Robert RJM002 at shsu.edu
Wed Jan 12 13:46:23 UTC 2011


You could still use 4 for private networks that aren't going to connect out to somewhere, but that likely doesn't solve your problem. 

Your example is probably why people aren't rushing to adopt - lots of people NAT and doing away with that requires a lot of network design work. 

Sent from my iPhone

On Jan 12, 2011, at 7:27 AM, "Matthias Saou" <thias at spam.spam.spam.spam.spam.spam.spam.egg.and.spam.freshrpms.net> wrote:

> Hi,
> 
> Every once in a while, someone important comes up with a scary story
> about IPv4 space exhaustion. So far so good, raising awareness about
> this issue is positive.
> 
> Then people get all hyped up about IPv6. Cool, lots of techies and
> geeks like me love toying with new things, and IPv6 is not too hard to
> understand nor implement.
> 
> But then everyone realizes that IPv6 will only be really useful once
> everyone has it and everyone is reachable from any IPv6-only connected
> host. This leads to two possible behaviors:
> 
> * One just thinks "I'll look at IPv6 once everyone else already has,
>   since there is no point in doing it sooner."
> * Or one thinks "I'll implement new IPv6 networks on top of our
>   existing IPv4 networks, get it all dual-stacked, and hopefully
>   contribute to bootstrapping the whole IPv6 adoption."
> 
> I'm from that second group. I've learned what I need to know about
> IPv6 and did quite a bit of testing. But I've never managed to get IPv6
> into production on any of the infrastructures I manage.
> 
> Why? ip6tables doesn't support NAT. It's that simple.
> 
> I know the reasons for the lack of NAT support, which are given over and
> over again. But here is my real world issue with them:
> All of the networks I manage have at least one or more points where
> multiple hosts are connected with a single network interface to a
> network which is not routed to the outside, but translated instead.
> Some other hosts have two interfaces and are connected to both this
> private/internal network and to another where they have routable IPv4
> addresses.
> 
> Given the above:
> * It would be trivial to define a 1:1 mapping between existing IPv4
>   networks and new IPv6 networks (both routable and private) *IF* I
>   could just copy and slightly adapt all iptables rules to ip6tables
>   rules.
> * It is *NOT* trivial to rethink the entire network topology in order
>   to have all hosts with IPv6 and no NAT at all : IPv6 routing is
>   needed where no IPv4 routing was present (only translation), and
>   existing hosts which were previously unreachable from the Internet
>   would become reachable by default through IPv6, creating new
>   annoyances such as ssh hammering, requiring inbound filtering where
>   none was previously needed.
> 
> My personal conclusion is that while netfilter developers have a point
> in not wanting to implement NAT for IPv6 in order to get a cleaner and
> more routable Internet, sys/netadmins like me relying heavily on
> GNU/Linux would have deployed IPv6 already if easy 1:1 scenarios for
> typical infrastructures were available.
> 
> I'd be curious to know what others think of this, read experiences, from
> the Enterprise side. Did you already deploy IPv6 on existing RHEL-based
> infrastructures? Onto new infrastructures? How do you deal with
> existing IPv4 NAT situations?
> 
> Matthias
> 
> -- 
> Clean custom Red Hat Linux rpm packages : http://freshrpms.net/
> Fedora release 14 (Laughlin) - Linux kernel 2.6.35.10-72.fc14.x86_64
> Load : 0.00 0.04 0.13
> 
> _______________________________________________
> rhelv6-list mailing list
> rhelv6-list at redhat.com
> https://www.redhat.com/mailman/listinfo/rhelv6-list
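
The inbound filtering that the quoted message says becomes necessary once hosts are routed instead of translated, as an added example (not from the thread or from Red Hat): a shell function that prints an `ip6tables-restore` ruleset allowing the internal network to open connections outward while unsolicited inbound traffic hits a default DROP. The interface names and the `2001:db8:1::/64` documentation prefix are constructed assumptions.

```shell
#!/bin/sh
# Added example: stateful IPv6 filter for a dual-homed router, reproducing the
# "not reachable from outside" property the IPv4 side got from NAT.

valid_if() {  # interface names: letters, digits, '.', '_', '-' only
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

valid_prefix() {  # hex digits and ':' followed by /0../128
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1##*/}
    case "$addr" in ''|*[!0-9A-Fa-f:]*) return 1 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 128 ]
}

# gen_ip6_ruleset WAN_IF LAN_IF LAN_PREFIX  (all three are hypothetical inputs)
gen_ip6_ruleset() {
    wan=$1 lan=$2 prefix=$3
    # Refuse anything that could smuggle extra rule text into the output.
    valid_if "$wan" && valid_if "$lan" && valid_prefix "$prefix" || return 1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Router itself: loopback, replies, and ICMPv6 (neighbour discovery and
# path MTU discovery depend on it, so it is not filtered away).
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
# SSH to the router only from the internal side.
-A INPUT -i $lan -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
# Forwarding: replies and related ICMPv6 errors come back in, new flows
# may only start from the internal prefix; everything else meets DROP.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $prefix -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Constructed sample values: eth0 = outside, eth1 = inside.
gen_ip6_ruleset eth0 eth1 2001:db8:1::/64
```

The output is in the format `ip6tables-restore` reads; review it before loading, since the default DROP policies apply to every interface on the router.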



