[c-nsp] IPv6 routing vs IPv4 Nating

Tom Hill tom at ninjabadger.net
Mon Aug 22 17:54:04 EDT 2016


On 22/08/16 22:34, Gert Doering wrote:
> Not if you NAT the IPv4 - the NAT part enforces symmetry.
> 
> Not that I'm a big fan of NAT, but it has its uses :-)

FHRPs aren't just for 'inside' interfaces. You do have to be sure to
adjust the priorities of 'inside' and 'outside' interfaces together to
maintain your symmetry, but that's not difficult. FHRP also takes care
of ARP delays during failover.

Presumably some brands of firewall clusters also work on active/passive
(i.e. STONITH) failover means, which also happens to be agnostic of any
NAT going on, and serves to maintain symmetry.

Assuming there's state synchronisation in all cases, of course.

Mixing the v4 NAT and IPv6 together isn't as simple, I agree, but the OP
seemed very confused as to how routing works without NAT; my point was
that it's worth remembering how IPv4 worked without any NAT, before
trying to swallow your IPv6 deployment whole. :)

-- 
Tom

