Re: Address allocated but not live
"We want none of it inside our companies and homes. We are happy with our 10 and 172 addresses."
This is a really naive attitude and it is exactly this attitude (and ignorance) that makes the IPv6 transition so difficult.
Ignoring the really obvious problem of being expected to unnecessarily translate between IPv6 and IPv4 on your network boundaries, why are IPv4 private address ranges preferable? The answer is they aren't.
Even if you are hell-bent on your outdated thinking, you could use ULA address ranges in IPv6 for places that you do not want to be globally routable.
The correct tool for the job of controlling network traffic in and out of your network is a firewall. A device with a globally routable IPv6 address behind a correctly configured firewall is just as safe as a device with an internal IPv4 address behind a NAT configuration on a firewall.
Repeat after me: NAT is not a firewall. NAT does not provide security. NAT makes absolutely no guarantees.
"We have are comfortable with NAT"
No, globally, we're not comfortable with NAT.
NAT creates massive headaches and fundamentally pushes us towards service centralisation, as we are forever having to create applications that have to "call outbound" instead of being able to work in true peer-to-peer fashion. It makes even simple applications complicated as we have to constantly be concerned with NAT traversal, or UPnP, or NAT-PMP.
NAT is a hack. It was a hack when it was first implemented, and it's still a hack now. Unfortunately it's a hack that people are sadly attached to.
"OSPF, Vlans and tags."
None of this changes with IPv6 apart from an uplift to the OSPFv3 protocol. VLANs and tagging do not change - those are part of Layer 2, not Layer 3. Please see the OSI model.
"We DO NOT WANT an internet for every device."
This is not a problem with IPv6, but instead with your network topology. Put them on a VLAN that doesn't route to the Internet, or use a firewall to prevent traffic to/from them. There are correct tools for this job. Avoiding IPv6 forever is not.
"I do NOT want my LED light bulbs or my garage door on the internet, because I can not protect them."
See above statement.
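
The firewall-instead-of-NAT setup the post describes (globally routable IPv6 hosts with unsolicited inbound traffic dropped, plus an IoT VLAN that never routes to the Internet), as an added example that is not part of the original post: an nftables forwarding ruleset for a Linux router. The interface names `wan0`, `lan0` and `iot0` and the table name are assumptions, and only forwarded traffic is covered, not traffic to the router itself.

```nftables
# Added example: stateful IPv6/IPv4 forwarding policy, no NAT involved.
# Assumed interfaces: wan0 = upstream, lan0 = trusted LAN, iot0 = IoT VLAN.
table inet edge_fw {
    chain forward {
        # Default deny: anything not explicitly allowed below is dropped.
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections that inside hosts opened.
        ct state established,related accept
        ct state invalid drop

        # ICMPv6 errors that IPv6 depends on (path MTU discovery in particular).
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem } accept

        # Trusted LAN hosts may open connections to the Internet.
        iifname "lan0" oifname "wan0" accept

        # LAN may reach IoT devices; there is deliberately no rule from
        # iot0 to wan0 or from wan0 to iot0, so bulbs and garage doors
        # stay off the Internet whatever addresses they hold.
        iifname "lan0" oifname "iot0" accept

        # Count and log new inbound attempts from the Internet before the drop.
        iifname "wan0" ct state new counter log prefix "fwd-in-drop: " drop
    }
}
```

Load it with `nft -f <file>` and inspect the counter with `nft list table inet edge_fw`; a new connection from `wan0` to a global address on `lan0` should increment it, while replies to LAN-initiated connections pass.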