On Sep 12, 2011, at 12:55 PM, Michael Newbery wrote:
* NAT does not exist. If your application requires NAT (e.g. load balancing) it's broken under IPv6. There is no workaround. This is a feature. NAT is gone. [I found this probably the biggest mind-blow for some people]
NAT <> load-balancing. I dislike both NAT and load-balancers for a lot of reasons, but load-balancing doesn't equate to NAT.
* ICMP is not optional. Blocking ICMPv4 indiscriminately was always a bad idea, now it's a terminal idea.
Concur 100%.
* DHCP is optional. If you think you need DHCP, then re-evaluate very, very carefully.
The current IPv6 DHCP brokenness will eventually be resolved; there's no choice in the matter.
* That best practice of providing reverse DNS entries for all possible addresses on your LAN? Not possible. Gone.
I don't know that this was ever a BCP. Reverse DNS for all *utilized* addresses on your LAN, sure, and it's still possible and recommended for IPv6.
* Reverse DNS as a way of encoding useful information is probably not very useful anymore. Find a better way.
Disagree (see above).
* Address scanning your own LAN to find things? Yeah, no.
Disagree to some degree with regard to hinted scanning (again, see reverse DNS above). Flow telemetry is better.
-----------------------------------------------------------------------
Roland Dobbins