[TriLUG] problems IPv6 has helped solve
jpwoodbu at mybox.org
Tue Apr 19 00:48:41 EDT 2011
I thought it might be nice for those of us that have deployed IPv6
either professionally or domestically to briefly mention how IPv6 made
something easier for us or how IPv6 helped solve a problem.
I can start off with a classic problem. In my office we have a mail
server with a private IPv4 address. Our firewall NATs a static global
IPv4 address to this private address and allows typical email traffic
through. This is great! Now my phone can check my email when I'm
outside the office. But when I bring my phone inside the office my
phone can't reach the mail server!
DNS resolves the name of our mail server to a global IPv4 address, so
my traffic goes to my default router, which is actually the firewall
device mentioned above that's NAT-ing traffic to our email server.
Well, presumably for security reasons, this firewall won't route
traffic back across the same interface from which it arrived. This is
what is dropping the email traffic from my phone.
I could use a DNS solution for this problem. But many of those
solutions require that I maintain completely independent zones for
private and public views. What a pain, and so prone to negligence!
Maybe a DNS proxy solution or firewall DNS rewrite is possible? But
now we're still talking adding unnecessary complexity to our network.
Global addressing saves the day! We deploy IPv6 to our office
networks and now my phone can:
* access email using IPv6 outside the office if v6 service is available
* access email using IPv4 outside the office if only v4 is available
* access email using IPv6 inside the office
More information about the TriLUG