[TriLUG] problems IPv6 has helped solve

Randy Barlow randy at electronsweatshop.com
Tue Apr 19 09:09:22 EDT 2011


On 04/19/2011 12:48 AM, Jonathan Woodbury wrote:
> I thought it might be nice for those of us that have deployed IPv6
> either professionally or domestically to briefly mention how IPv6 made
> something easier for us or how IPv6 helped solve a problem.

At home I have the fairly basic Earthlink setup (7 Mbps/384 kbps) with a
single IP address. I have several machines inside my network (three
physical, three virtual). With NAT, I had to use nasty port forwarding
rules, and complicated iptables configurations to get what I wanted. But
what if I want there to be two separate hosts on my network that run
apache on port 80? For example, one of my hosts is a web server, and the
other is a mail server. The mail server runs mailman, so it makes sense
for it to have Apache to host the mailing list web application. I could
just run that on a different port, but I want my users to be able to
access it directly, and I don't really want to pay for the extra v4
addresses (since v4 addresses aren't a renewable resource. They're even
more rare than diamonds and petroleum!) Obviously, my users are all v4
users currently. But once v6 begins mass adoption (which will literally
have to happen soon, especially in Africa and Asia), my users will start
to be v6 adopters. (In the meantime, I also have the Apache service that
has my v4 port proxy for the mailing list, which introduces an extra
point of failure for the mailing list.)

Also, it's very nice to be able to ssh directly to any of my hosts
without having to get to one, then the other. I also abhor having DNS
inside my house return different results than DNS outside of my house.
Now all my machines communicate with each other using the globally
routeable addresses handed out by public DNS. Brilliant!

With teredo tunneling, I have v6 service on my laptop no matter where I
am (work [which will soon have v6!], coffee shops, etc.) so I can always
access my network. I use HE for the tunnel, so my v6 addresses never
change. I hope that when my ISP hands out v6 network addresses that they
are static.

v6 is the way the Internet was intended to be. v4 was an experiment, and
was never intended to be used in production. I think it's important to
note that NAT isn't security, it's a hack to get by in a world with too
few addresses.

v6 greatly simplifies networking. Your iptables rules are cleaner (with
half the tables!) and now everything can have the addressing it's always
wanted.

-- 
R



More information about the TriLUG mailing list