IPv6 strategy for small networks


  • I manage some small networks (2-3 DCs), 2 or 2 subnets, 1 firewall/router, a couple of switches.

    Although the designers of IPv6 might want all devices to auto configure and rely on a single firewall to protect them from the Internet, I need to know for the auditors which computer has which IP address at what time, and preferably I need to be able to fix them using DHCP.

    I don't really want my firewall which is currently the DG on the IPv4 network to be the DHCP server or have any important function. If the firewall is down the LAN behind it must continue to function.

    I'm therefore not clear how to proceed.

    Do I just choose a random IPv6 range, set up my DCs and other servers with fixed addresses and hope everything else works?

    Then for the public addresses: so we're not supposed to do NAT any more. Do I give my Exchange server 2 IPv6 addresses, one FD: whatever and one 2001: when I get some from my ISP, and bind the services to the external one? How does this work for OWA, where I have been happily using split DNS until now so the users have the same URL internally and externally?

    Obviously TMG has to go.

    All references and PRACTICAL documents welcome.


    Monday, July 08, 2013 4:51 PM