[colug-432] tunnelled IPv6 -- was: Looking for info on Columbus

[Rob Funk]

On Wednesday, March 09, 2011 01:39:49 pm Richard Troth wrote:
>  * get into v6 sooner, hoping to knock-out problems early, rather than wait
>  * also, get my publicly visible servers ready for v6
>  * evaluate the security implications of IPv6 and consider it as an
> alternative to VPN

Yes... since the ipv4 addresses are all allocated, they will rapidly become 
more precious commodities. To hang on to the ipv4 world, the ISPs are going to 
have to recycle dynamic addresses more quickly, and after that probably give 
us the nightmare of multi-layer-NAT. Eventually the ISPs will need to switch 
everyone to ipv6, and it's best to get as many of the hassles as possible out 
of the way before you're forced to.

(That said, the tunneling solution seems to introduce extra hassles that I'm 
not yet convinced are worth the trouble. So for now I'm hoping my ISP will 
offer an ipv6 option long before they resort to multi-layer-NAT or require a 
full switchover. Or maybe the tunneling will get simpler first.)

> And yeah, NAT addresses do collide.  There are 256 class C subnets
> under 192.168.x.x, and if you're at a big enough company you *will*
> bump into something used by your employer.  (Does it matter?  Did for
> me.)  Then there's the stuff about taking your laptop over to your
> buddies house.  His WiFi animal doles out something under 192.168.1.x
> just like yours does.  Does it matter?  Maybe.

I stopped using 192.168.x.x addresses long ago. There's the possibility of 
65356 different /24 networks in the 10.x.x.x space, so you're much less likely 
to have collisions there. And while the 172.16/12 space doesn't have as many 
networks in it as 10/8 does, it's less well-known, so collisions are unlikely 
there too.

Though I do often end up adding a secondary 192.168.x.x address on my machine 
just for configuring a router.