Re: @BlueGreen @Crazy Operations Guy
A lot of these things aren't quite problems or have been somewhat solved, some remain, but it isn't as bad as it would seem.
*You can't manually set a default route on most OSes (You need to enable Routing Advertisements)
Which OSes? I've been able to manually set default routes on Windows and Linux. Not sure about OSX but I'd assume it's possible as well. The one I did have a problem setting up was a particular Solaris box, which indeed required me to set up SLAAC/radvd.
*There are a bunch of other services needed on DHCP-based clients
Not sure what you're talking about here.
*Many ISPs don't support IPv6, which means you have to pay for a tunnel
There are free tunnel brokers, SixXS and Hurricane Electric at the least.
*ISPs that do support IPv6 will charge you an arm, a leg and your first born for IP addresses (usually a /64)
Some ISPs are giving out larger blocks. Sometimes a /56 or a /48.
* The smallest IP block you can use is a /64, so you need a new block for every network segment you have.
Agreed, while having /64 as a minimum is a "feature" intended to avoid having the IPv4 problem of "ISP didn't give me but one IP for my home network", if your ISP only gives you a /64 you'll need to ask for new blocks if you want to segment your network. ISPs would have to be forced to give out larger than /64 blocks then.
*No NAT, so rather than just needing a small block of external addresses and using a chunk of the 192.168.*.*/16, 172.16.*.*/20 or 10.*.*.*/8, you now need a separate /64 for each piece you were planning on taking.
This is a feature. NAT was originally brought in because of the IPv4 address exhaustion. But the internet was never intended to have a zillion private addresses being hacked into a single IP on the global network and the protocols show it. NAT breaks a lot of stuff and the only reason we see it running smoothly at some places is because the gateways are keeping tabs on the whole NAT stuff. But some things won't work at all. IPv6 brought the "scoped addresses" concept, so your internal stuff can set up a private address space similar to the 10.0.0.0/8 and similar variants for internal equipment, and you don't need to dole out global-scope IPv6 addresses to boxes that aren't going to need access to the global internet.
Sure, it requires a lot of re-training on the security side of IT, but we have to realize that the current "NAT == Security" mentality is wrong and move on.
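
The /64-per-segment arithmetic and the private address space discussed in the comment above, as an added example that is not part of the original post. It assumes the documentation prefix 2001:db8::/32 as a stand-in for an ISP delegation, reads "scoped addresses" as RFC 4193 unique local addresses (fd00::/8), and the function names are hypothetical.

```python
import ipaddress
import os


def plan_segments(delegated, segments):
    """Assign one /64 per network segment out of an ISP-delegated prefix."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError(f"{net} is longer than /64, too small for a segment")
    available = 2 ** (64 - net.prefixlen)  # /64 -> 1, /56 -> 256, /48 -> 65536
    if len(segments) > available:
        raise ValueError(
            f"{net} holds {available} /64(s) but {len(segments)} segments "
            "were requested; a larger delegation is needed"
        )
    subnets = net.subnets(new_prefix=64)  # lazy, so a /48 is cheap to walk
    return {name: next(subnets) for name in segments}


def ula_prefix(global_id=None):
    """Build a unique local /48 (fd00::/8 plus a 40-bit global ID).

    Assumption: the global ID comes from os.urandom, which replaces the
    hash-based sample algorithm in RFC 4193 with a plain random draw.
    """
    gid = os.urandom(5) if global_id is None else bytes(global_id)
    if len(gid) != 5:
        raise ValueError("global ID must be exactly 40 bits (5 bytes)")
    packed = b"\xfd" + gid + bytes(10)  # fd + global ID + zeroed subnet/host
    return ipaddress.IPv6Network((ipaddress.IPv6Address(packed), 48))


if __name__ == "__main__":
    # Constructed sample input: a /56 delegation and three segments.
    plan = plan_segments("2001:db8:1234:5600::/56", ["lan", "dmz", "guest"])
    for name, subnet in plan.items():
        print(f"{name:6} {subnet}")

    # Internal-only hosts get a /64 from a ULA /48, not from the delegation.
    internal = ula_prefix()
    print("ula   ", internal, "->", next(internal.subnets(new_prefix=64)))

    # A bare /64 delegation cannot be split across two segments.
    try:
        plan_segments("2001:db8:1234:5600::/64", ["lan", "dmz"])
    except ValueError as exc:
        print("error:", exc)
```

Neither address plan filters anything: inbound access to the globally routed /64s still has to be restricted by a stateful firewall rule set at the gateway.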