Junos Connect Video Series — IPv4 and IPv6 coexistence, NAT44 and IPv6 Books

Junos Central: www.juniper.net. Junos Connect is your monthly video series featuring interviews with Juniper Networks product experts, product demos, news and more. More on IPv6 at www.juniper.net

10 Comments

  1. trejrco says:

    @raazstone The use of “private addresses (ULAs)” is *not* the default, and IMHO should be avoided unless you really understand why you need them.

    Note: NAT66 (prefix translation) has been spec’ed for environments that choose to use ULAs, as well as for more robust (return) traffic control … and still IMHO, that should also be avoided in most deployments.

    The correct answer for almost every deployment is, quite simply, dual stack. Enable IPv6 in addition to IPv4, everywhere possible!

  2. raazstone says:

    @ChrisGrundemann I understand for like trunk line we need some simple way to route bundled traffic to reduce processing overhead from one node to another, however that doesn’t mean we still have to resort to MAC addresses; like you mentioned, MPLS is a good way. However, my idea is that with so many addresses, we could have abandoned the notion of private addresses completely and instead exploited other security measures available in IPv6. That is just my thought. I appreciate your response.

  3. ChrisGrundemann says:

    @SPmusicrox Junos is Juniper’s Network Operating system for routing, switching and security.

  4. ChrisGrundemann says:

    @Namsep I agree with you, NAT does not add security. Stateful firewalls add security.

  5. ChrisGrundemann says:

    @raazstone The trend I see is actually in the opposite direction, where more and more core routing is being replaced with MPLS label switching. Routing is expensive, RIB and FIB space is expensive, the fewer routers on your network the lower the cost. So from my perspective, I can’t see why you would want to do the opposite in the LAN and eliminate switching in favor of more expensive routing.

  6. Namsep says:

    @ChrisGrundemann

    I don’t get the NAT66 need, it’s not secure and if CPEs would get a basic interface based on firewalling, just as NAT has an interface, allowing you to say “Allow FTP in to that computer” just as you would with NAT. Isn’t the whole issue more of a naming / interface kind of problem?

  7. SPmusicrox says:

    That first guy, ravi pendakanti, is a really good speaker… idk if that’s how you spell his name :) but I think he really knew what he was talking about and he had some great points! What is Junos?

  8. raazstone says:

    @ChrisGrundemann I understand in a local LAN environment as long as traffic is inbound you can suffice with using only MAC addresses, however when you route packets outside, you will immediately need the IP address, thus incurring extra processing (I mean beyond ARP), and the processing time would be further increased by the NATing involved. My point is why not eliminate switches altogether from the networking realm, and only have publicly routable addresses where if you connect something you’re in the Internet.

  9. ChrisGrundemann says:

    @raazstone IPv6 did eliminate NATing, some die-hards are pushing to re-introduce NAT for IPv6 (NAT66).

    The basic premise in IPv6 (as it was in IPv4 originally) is for everything connected to the Internet to have a globally routable (public) address. There are however some cases where “private” addressing is a good thing, and that’s where ULA comes in. Also, switching (layer 2 processing) is often lighter-weight/less expensive than routing and probably should not be eliminated.

  10. raazstone says:

    With IPv6 having so many addresses, I don’t understand why there’s still private IP addressing. It would be much better if IPv6 only has public IP addresses, thus eliminating NATing and Layer 2 processing altogether.