RB wrote:
I suggest we take our heads out of the sand and start deploying IPv6 stuff.
It is regrettable you consider asking for a valid business case for
accelerating a largely hobbyist project to be sticking one's head in
the sand.
I meant this one widely. Much more widely and on larger scale. Not just
pfsense project, untill the "magic" date 10.10.2010 we are supposed to
have criticall mass of deployment of IPv6 done, this is the only way we
can go through this transition process with as less pain as possible.
"Is there gonna be IPv6 as main protocol?" - this is not a question
anymore. There are no other ways. On RIPE meetings I spoke with a lot of
exchange providers and european largest ISP-s, the common idea I got
from these guys was "hey, we must grow as a company, when there is no
more IPv4 available, we are ready to make a switch to v6. We calculate,
that it is far too expensive for an ISP to mantain dual-stack for long
time."
So, ISP will not break any part of contract with you, providing you IPv6
only access. Being said that, on the other hand we know, that
translation mechanisms are total crap. NAT-PT is deprecated by IETF,
maybe there is a little hope for SIIT (ptrtd), that does translation on
3rd level and not trying to translate IP headers from v4 to v6, which is
nonsense.
How can we get away with this, possibly with as less mess as possible?
Content providers, hosting providers, everybody that is providing any
sort of content *must* deploy dual-stack and start serving content on
both protocols. Ideally, if everybody would do that, there would be no
need for any rubbish translation devices...
That's why I chose to run two gateways, pfsense as brilliant v4 firewall
and one linux box with v6 stuff and firewall on it, providing access for
dual-stack servers in the system. That's the only way we can test our
applications and you would be surprised, the v6 network is not dead and
silent, there is increasing amount of traffic going on...
Google is preparing their site, to go dual stack, for now they are
testing on http://ipv6.google.com/ . I spoke with Lorenzo, main guy @
google for this stuff, they are still experiencing some problems with
dual-stack. So, if google is experiencing problems and is testing and
developing two years ahead, why woul that not be the good example for
everybody in internet business?
I hope I answered most of your questions.
Regards, /jan
Personally I don't like the idea of two separate firewalls, pfsense for IPv4
and whatever else for IPv6. But, sadly, this is what I am doing now.
Yet you still do not answer the question - what value is v6 providing
you now? Would you mind sharing what made you make the agreeably
painful decision to run two separate gateways?
RB
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
