Still thinking a lot about IPv6 and not doing too much yet.
I have updated an old Netscreen 5GT to its highest recommended firmware (5.4.0r19) which supports IPv6 and enabled it. Setting up rules etc. is pretty much the same as for IPv4 and I can't see there being any big issues there. I have two options for getting it on the net - get an IPv6 allocation from BT (working on it) or use a tunnel broker (for example Hurricane Electric). Either way I'll need to have my Netscreen 5GT directly connected to the internet outside our firewall and at the moment our incoming internet is wired directly to our firewall. I'll need to unplug our net and install a switch so I can split the incoming traffic, which means getting to the office before anyone else. Some day soon.
One thing I still have not got my head around is how to allocate IP addresses inside the company. I know the basic idea is the same as if we had an IPv4 /24 to play with, setting lots of different subnets up for different roles. My problem is just the sheer scale - with IPv6 we could have thousands of subnets and being so used to the limited scope of IPv4 it's hard to decide on a setup which is at the correct grain - too many subnets will be a pain to maintain and too few will lead to issues later on. Without experience it will be tricky to get that right. Also if I were to go for one subnet for printer class devices, one for each department's desktops, one for the main servers, one for our public-facing servers etc., how well would that interact with our current setup where all printers/desktops/internal servers are on the same subnet? Having two separate overlapping topographies could get interesting...