April 19, 2011

What Enterprises Should Do About IPv6 In 2011

The purpose of this white paper is to provide enterprises with guidance, based on a three- to five-year outlook, on how IPv6 should be included in their network design, planning, and operations starting today. The intended audience is enterprise network administrators. 

This document explores the areas of the network, and beyond it, where IPv6 needs to be considered, and the reasons to consider it. In 2011 enterprises should assess their position toward IPv6 with the aim of drafting their own requirements, plans, and opportunities. Indeed, some have already identified IPv6 as a networking tool rather than merely a (re)numbering constraint, and every enterprise should share this opportunity.



This is a fabulous paper that puts all of the IPv6 issues "on the table" for discussion. I particularly like the fact that it has a broad scope, while explaining each in a matter-of-fact manner and realistically looks at the impact (or lack of the same) as IPv6 is rolled out.

Further, it has a great compendium of technical resources that by itself justifies your making this paper a part of your library. A MUST READ for sure!

Mostly agree with what was written but from experience I disagree with the following section.

"Get rid of NAT for IPv6/IPv6 connectivity: The original purpose of NAT was to have a means of avoiding overlapping/conflicting IPv4 addresses in two organizations. As IPv6 has no shortage of address space, there is no networking reason to deploy NAT for IPv6. Eventual removal of NAT represents a simplification, not just to an enterprise's network design, but also to application designs. The dubious security value of IPv4 NAT is easily replaced by any stateful firewall solution for IPv6 (which can of course be complemented by other security techniques like IPSs). For this reason, IPv6/IPv6 NAT has not been specified yet by the IETF; the main application envisaged would be that it offers one way of doing multihoming."

We are not a large site and live out in the sticks where Internet provision is not cheap and mostly dependent on BT. As a result we have two circuits available. A leased line for high availability stuff and reasonable outbound traffic and an ADSL line which we use for internally originated web traffic which is routed over the ADSL line via a routing policy on the firewall. This works because most of the high bandwidth traffic is web based and is OK for IPv4 because of NAT translation.

However, with IPv6 and no NAT there is a problem. With only a single non-NAT address on the originating computer, the routing policy will send the outbound web traffic over the ADSL line, but the return-address routing is bound to the leased-line IPv6 assignments (we have chosen to use the IPv6 block associated with the leased line), so the return data is delivered to the leased line external interface. This is an issue from a bandwidth perspective, but also because firewalls tend to match the inbound packets to the outbound interface that the request was originated on. The only solution I have been able to come up with is to NAT at least one of the interfaces so that the outbound external address causes the return packets to be delivered to the originating interface.

Note that I don't run a Cisco firewall.
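The asymmetric-return problem the comment describes, modelled as an added example (this is not code from the paper, from Webtorials or from the commenter; all addresses are constructed from the 2001:db8::/32 documentation range, and the firewall, router and ISP behaviour are simplified stand-ins). It runs three cases: the commenter's setup, where web traffic is steered over ADSL by a port-based policy but the only global address comes from the leased-line prefix, so the reply arrives on the other uplink and the stateful firewall drops it; the commenter's NAT66 workaround, which translates the source on the ADSL side so replies are addressed into the ADSL prefix; and, as an assumption of this example rather than something the page spells out, the no-NAT alternative the paper's multihoming remark points toward, in which the host also holds an address from the ADSL provider's prefix and outbound traffic is routed by source prefix.

```python
"""Model of the two-uplink IPv6 return-path problem from the comment above.

Constructed example: all addresses are from the 2001:db8::/32 documentation
range; the firewall, router and ISP behaviour are simplified stand-ins, not
the paper's or any vendor's code.
"""
from dataclasses import dataclass, field
import ipaddress

LEASED_PREFIX = ipaddress.ip_network("2001:db8:1::/48")  # constructed: delegated by leased-line ISP
ADSL_PREFIX = ipaddress.ip_network("2001:db8:2::/48")    # constructed: delegated by ADSL ISP
WEB_SERVER = ipaddress.ip_address("2001:db8:ffff::80")   # constructed: remote web server


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv6Address
    dst: ipaddress.IPv6Address
    sport: int
    dport: int


def isp_return_path(dst):
    """The Internet routes a reply to whichever ISP announces the destination prefix."""
    if dst in LEASED_PREFIX:
        return "leased"
    if dst in ADSL_PREFIX:
        return "adsl"
    raise ValueError(f"{dst} is not routable back to the site")


@dataclass
class Firewall:
    """Stateful firewall with two uplinks; remembers the interface each flow left on."""
    nat_on_adsl: bool = False
    nat_address: ipaddress.IPv6Address = ipaddress.ip_address("2001:db8:2::1")  # constructed
    state: dict = field(default_factory=dict)
    nat_table: dict = field(default_factory=dict)

    def egress_interface(self, pkt):
        # Source-based rule: a packet sourced from the ADSL prefix leaves on the ADSL line.
        if pkt.src in ADSL_PREFIX:
            return "adsl"
        # Destination-port policy from the comment: web traffic is steered over ADSL.
        if pkt.dport == 80:
            return "adsl"
        return "leased"

    def send(self, pkt):
        iface = self.egress_interface(pkt)
        if iface == "adsl" and self.nat_on_adsl:
            # NAT66 workaround described by the commenter: rewrite the source address
            # so the reply is addressed into the ADSL prefix.
            self.nat_table[(self.nat_address, pkt.sport)] = pkt.src
            pkt = Packet(self.nat_address, pkt.dst, pkt.sport, pkt.dport)
        self.state[(pkt.src, pkt.dst, pkt.sport, pkt.dport)] = iface
        return pkt, iface

    def receive(self, reply, iface):
        key = (reply.dst, reply.src, reply.dport, reply.sport)
        if key not in self.state:
            return "dropped: no state"
        if self.state[key] != iface:
            # Reply arrived on the other uplink: the asymmetry the comment reports.
            return "dropped: asymmetric"
        if self.nat_on_adsl and (reply.dst, reply.dport) in self.nat_table:
            return "accepted (untranslated to %s)" % self.nat_table[(reply.dst, reply.dport)]
        return "accepted"


def web_request(fw, host_addr, sport=40000):
    """Send one HTTP request and its reply through fw; return (egress, return_path, verdict)."""
    out, egress = fw.send(Packet(ipaddress.ip_address(host_addr), WEB_SERVER, sport, 80))
    reply = Packet(WEB_SERVER, out.src, 80, out.sport)
    back = isp_return_path(reply.dst)
    return egress, back, fw.receive(reply, back)


def scenario_single_prefix():
    """Commenter's setup: only the leased-line prefix, web traffic steered to ADSL by policy."""
    return web_request(Firewall(), "2001:db8:1::10")


def scenario_nat66_workaround():
    """Commenter's workaround: NAT on the ADSL interface, single-prefix host."""
    return web_request(Firewall(nat_on_adsl=True), "2001:db8:1::10")


def scenario_both_prefixes():
    """Assumed no-NAT alternative: host also holds an ADSL-prefix address and uses it for web."""
    return web_request(Firewall(), "2001:db8:2::10")


if __name__ == "__main__":
    for s in (scenario_single_prefix, scenario_nat66_workaround, scenario_both_prefixes):
        print(f"{s.__name__}: {s()}")
```

The verdict in the first case is the firewall's state-table check failing because the reply came in on an interface other than the one the request left on, which is exactly the match-to-outbound-interface behaviour the comment mentions; the other two cases make the path symmetric, one by rewriting the address and one by choosing a source address that the ADSL provider routes.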


Webtorial® is a registered servicemark of Distributed Networking Associates. The Webtorial logo is a servicemark of Distributed Networking Associates. Copyright 1999-2018, Distributed Networking Associates, Inc.