[124081] in North American Network Operators' Group
Re: IP4 Space
daemon@ATHENA.MIT.EDU (Owen DeLong)
Tue Mar 23 01:19:00 2010
From: Owen DeLong <owen@delong.com>
In-Reply-To: <2DC364E3-EC9C-405C-8463-BC6935A09EC4@senie.com>
Date: Mon, 22 Mar 2010 22:13:27 -0700
To: Daniel Senie <dts@senie.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mar 22, 2010, at 9:39 PM, Daniel Senie wrote:
>
> On Mar 22, 2010, at 6:53 PM, Stan Barber wrote:
>
>> In this case, I am talking about an IPv6<->IPv6 NAT analogue to the current IPv4<->IPv4 NAT that is widely used with residential Internet service delivery today.
>>
>> I believe that with IPv6 having a much larger pool of addresses and each residential customer getting a large chunk of addresses will make IPv6<->IPv6 NAT unnecessary. I also believe that there will be IPv6 applications that require end-to-end communications that would be broken where NAT of that type is used. Generally speaking, many users of the Internet today have not had the luxury to experience the end-to-end model because of the wide use of NAT.
>
> End-to-end applications will face much of the same interruption issues in the future as today. They will face firewall equipment that inspects the packet stream and purposefully blocks applications that are potentially harmful (e.g. vectors for systems infection). While the address translation part of stateful inspection firewall processing may not be used for IPv6, all other aspects of firewall function will be as applicable to IPv6 packets as they are to IPv4.
>
Sure, but, for the most part, it is the address translation part that does unintended damage to end-to-end protocols.
The stateful inspection is intended interference, so usually a work-around is undesirable. In the case of NAT, there's often a need for a workaround due to the unintended consequences. Hence the creation of STUN, SNAT, UPNP, etc.
>>
>> Given that these customers today don't routinely multihome today, I currently believe that behavior will continue. Multihoming is generally more complicated and expensive than just having a single connection with a default route and most residential customers don't have the time, expertise or financial support to do that. So, the rate of multihoming will stay about the same even though the number of potential sites that could multihome could increase dramatically as IPv6 takes hold.
>
> I deal more with small businesses than residences, but I will take issue with the premise presented. Today there are many products, especially firewalls that allow "multihoming" of a sort using multiple upstream connections in conjunction with IPv4 and NAT. This is fairly simple, and can allow smaller offices, such as a company's field offices to combine multiple broadband connections, such as a cable modem and a DSL connection, to attain higher reliability and increased bandwidth.
>
Albeit with a number of less than ideal tradeoffs vs. a BGP-based multihoming solution.
With the smaller routing table afforded by IPv6, this will be less expensive. As a result, I suspect there will be more IPv6 small multihomers.
That's generally a good thing.
> Because these appear to be just two broadband customer modems in one location (whether small business or residence), you cannot easily determine that such combining is being done.
>
> As this is a VERY useful, and well-used capability, it will be interesting to see what the vendors choose to offer in their equipment as IPv6 support improves.
>
It's pretty easy to do this in IPv6 without NAT. Just advertise both prefixes in the RA from the device and you're done.
Owen
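
An added illustration, not part of the original message: what "both prefixes in the RA" looks like on the wire, as a Router Advertisement carrying two Prefix Information options (RFC 4861 sections 4.2 and 4.6.2), and a parser of the kind an RA monitor would use to list what a router is announcing. The function names are hypothetical and the two prefixes are constructed samples from the 2001:db8::/32 documentation range.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134        # ICMPv6 type for a Router Advertisement
OPT_PREFIX_INFO = 3           # Prefix Information option type
FLAG_ONLINK, FLAG_AUTONOMOUS = 0x80, 0x40   # L and A bits of the option

def prefix_option(prefix, valid=86400, preferred=14400):
    """Encode one 32-byte Prefix Information option (length field = 4 x 8 octets)."""
    net = ipaddress.IPv6Network(prefix)
    return struct.pack("!BBBBIII16s", OPT_PREFIX_INFO, 4, net.prefixlen,
                       FLAG_ONLINK | FLAG_AUTONOMOUS, valid, preferred, 0,
                       net.network_address.packed)

def build_ra(prefixes, router_lifetime=1800):
    """Build the ICMPv6 body of an RA announcing every prefix in `prefixes`."""
    # Checksum is left at 0 here: it covers the IPv6 pseudo-header and is
    # filled in when the packet is actually sent.
    header = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0,
                         64, 0, router_lifetime, 0, 0)
    return header + b"".join(prefix_option(p) for p in prefixes)

def parse_prefixes(ra):
    """Return [(prefix, autonomous_flag), ...] for each prefix option in an RA."""
    if len(ra) < 16 or ra[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    found, off = [], 16
    while off + 2 <= len(ra):
        opt_type, opt_len = ra[off], ra[off + 1] * 8
        # A zero-length or overrunning option must be rejected, not skipped.
        if opt_len == 0 or off + opt_len > len(ra):
            raise ValueError("malformed option")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            addr = ipaddress.IPv6Address(ra[off + 16:off + 32])
            net = ipaddress.IPv6Network((addr, ra[off + 2]), strict=False)
            found.append((str(net), bool(ra[off + 3] & FLAG_AUTONOMOUS)))
        off += opt_len
    return found

# Constructed sample: one router, two upstream prefixes, no address translation.
SAMPLE_RA = build_ra(["2001:db8:a::/64", "2001:db8:b::/64"])

if __name__ == "__main__":
    for net, autoconf in parse_prefixes(SAMPLE_RA):
        print(net, "SLAAC" if autoconf else "no SLAAC")
```

Hosts that accept this RA autoconfigure an address from each prefix, so the stateful filtering discussed earlier in the thread has to cover both prefixes.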