On 16.12.2015 10:33, Johannes Weber wrote: > 1) Many DNS changes for services behind the dyn prefix (not all devices > are able to update DNS records) For those of you having its own authoritative DNS server (which is recommended anyway if you want to use DNSSEC), the following tool can help to manager your DNS entries in case of network prefix change: http://www.hznet.de/tools.html#gen6dns
It generates forward and reverse RR for all prefixes given on the command line. > 2) Security policies with DynDNS ranges (how to allow a dyn IPv6-range > in other firewall policies?) > 3) Routing inside IPv6 VPN tunnels (solved with OSPFv3, but maybe not > optimal?) > I am highly interested in others experience about dynamic prefixes. How > do you solve these problems, e.g., when a company has several remote > offices with dynamic prefixes? The best is to avoid dynamic prefixes if it is not a single LAN home network environment. Otherwise there are actually too many unresolved issues. So in your case ("company (with) several remote offices") I would recommend have a look at LISP. It can help a lot to get a stable prefix. The advantage against SixXS and the like is, that LISP can be used with IPv6 transport too, and is able to send traffic to other LISP sites directly, not via the LISP Proxy. LISP is an full mesh overlay network. Holger
smime.p7s
Description: S/MIME Cryptographic Signature