[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
NAT66 was Re: using "reserved" IPv6 space
- Subject: NAT66 was Re: using "reserved" IPv6 space
- From: owen at delong.com (Owen DeLong)
- Date: Mon, 16 Jul 2012 23:40:11 -0700
- In-reply-to: <[email protected]>
- References: <CAD8GWsswFwnPKTfxt=squUmZofs3_-yriHY8o4Gt3W9+x6fVUQ@mail.gmail.com> <[email protected]> <CAPiURgV+E-FLg_dkKq97P1OkhBWuZGiRVQd1GvY-Uh=09omREQ@mail.gmail.com> <[email protected]> <[email protected]>
On Jul 16, 2012, at 10:20 PM, valdis.kletnieks at vt.edu wrote:
> On Mon, 16 Jul 2012 21:31:42 -0700, Owen DeLong said:
>> Think HA pairs in Pittsburgh, Dallas, and San Jose.
>>
>> Now imagine each has different upstream connectivity and the backbone
>> network connecting all the corporate sites lives inside those firewalls.
>>
>> The real solution to this is to move the backbone outside of the firewalls
>> and connect the internal networks via VPNS that ride the external backbone
>> and can be routed over the internet safely when a backbone link fails.
>
> Wouldn't this be even easier if you gave each machine involved multiple
> addresses, one ULA and one external? This isn't IPv4 anymore, you can
> stick multiple addresses on an interface. :)
Not really... Doesn't help with the situation where you go from
host->Firewall A-> web server on the external internet
and the response goes
web server->Firewall B-> X (Firewall B has no state table entry for the session).
Owen