HP 635n HP Jetdirect Print Servers - Practical IPv6 Deployment for Printing an - Page 25
Intranet and Internet
UPC - 882780301016
View all HP 635n manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 25 highlights
Dual-Stack. By controlling how AAAA records get into DNS, this Dual-Stack transition mechanism will allow us time to add IPv6 capability to internal routers. When IPv6 is fully routable across the intranet, we reach a point where we can add AAAA records to our existing hostnames that are capable of Dual-Stack, starting with our domain controllers, proxy servers, DNS servers, and other fundamental servers. Once our Dual-Stack methodology is proven, we then can start to experiment with IPv6-only subnets. In what follows, a sample network will be shown along with typical connections to the Internet for small to medium size companies. This sample network is not intended to be a recommended deployment, but simply for illustration and educational purposes. Refer to Figure 17 - Intranet and Internet Figure 17 - Intranet and Internet Here we have a simple network where we've separated out our Public Servers from our Internal Servers. The public servers remain IPv4 and the components that provide security to our network from the Internet remain IPv4 (e.g., Firewall. Other components may include Host Intrusion Detection Systems, Network Intrusion Detection Systems, etc...). DNS Zones are also different from the internal network (example.internal) from the external network (example.com). The internal zone will have both A and AAAA records while the external zone will only have A records. The internal servers have been placed in their own subnet and are Dual-Stack. Using SLAAC, we are able to give out our Unique Local range. However, unless our devices are integrated into the Active Directory, we will not be able to securely update DNS. With the sheer amount of network appliances, not just printers and MFPs, there are a multitude of devices that may not need or desire integration with Active Directory. Consequently, getting these addresses securely in DNS becomes a tedious task. 25