[131315] in North American Network Operators' Group


Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 -

daemon@ATHENA.MIT.EDU (Leo Bicknell)
Thu Oct 21 22:53:32 2010

Date: Thu, 21 Oct 2010 19:53:20 -0700
From: Leo Bicknell <bicknell@ufp.org>
To: NANOG list <nanog@nanog.org>
Mail-Followup-To: NANOG list <nanog@nanog.org>
In-Reply-To: <5A6D953473350C4B9995546AFE9939EE0B14C423@RWC-EX1.corp.seven.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


In a message written on Thu, Oct 21, 2010 at 07:21:41PM -0700, George Bonser wrote:
> With v6, while changing prefixes is easy for some gear, other gear is
> not so easy.  If you number your entire network in Provider A's space,
> you might have more trouble renumbering into Provider B's space because
> now you have to change your DHCP ranges, probably visit printers, fax
> machines, wireless gateways, etc. and renumber those, etc.  And some
> production boxes that you might have in the office data center are
> probably best left at a static IP address, particularly if they are
> fronted by a load balancer where their IP is manually configured.
>
> The complaint was that there is no equivalent in v6 and that someone is
> probably going to build and sell one and we will be right back in the
> same situation with v6 with networks in ULA space being NATed at the
> edge.  People aren't going to want very much of their network
> infrastructure support tied to a provider's IP space.

It would seem to me there is a market for a "new sort of NAT" with
IPv6.  That is, the technology is not new, but it's a model we can't
do in IPv4.

If you could number your internal network out of some IPv6 space
(possibly 1918 style, possibly not), probably a /48, and then get
from your two (or more) upstreams /48's of PA space you could do
1:1 NAT.  No PAT, just pure address translation, 1:1.

You can "renumber" by configuring a new outside translation.  The
NAT box can do the load distribution functions discussed here, some
users out one provider, others out the second provider.  There is
no port complication, so incoming connections are much simpler.

It's a vast improvement over the port based mess we have now, and
provides an interesting way to "multihome" at the edge.  If we could get
a simple protocol, in the model of UDLD to go NAT box to Provider router
to establish that it was up, and a little bit of DNS software magic to
make it easier to manage the external addresses appearing in DNS for
exposed services this could solve the vast majority of small site
multihoming needs.

What makes it all possible is the same prefix length internally and
from all providers.  It's a reason why /48 could be important.

Given all the effort put into "better" multihoming in IPv6 I'm really
surprised this simple solution which basically exists in code today
(porting an IPv4 NAT to IPv6, if there is no PAT, is easy).

-- 
       Leo Bicknell - bicknell@ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
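As an added illustration (this is not code from the post above, nor from any NANOG or vendor project), the following Python models the 1:1 prefix translation the message describes: one internal /48, a PA /48 from each upstream, an edge box that rewrites only the prefix and never ports, a per-subnet split of users across providers with failover driven by a liveness flag standing in for the UDLD-style keepalive, and "renumbering" done by changing the outside mapping alone. All prefixes are made-up documentation and ULA ranges, and the provider names, class and method names are this example's own. It also shows the one thing the post says makes this work: inside and outside prefixes must be the same length so the host bits copy across unchanged. One caveat the post does not mention: pure 1:1 rewriting changes the IPv6 addresses that transport checksums cover through the pseudo-header, so a real translator has to fix checksums up (RFC 6296 NPTv6 later standardised a checksum-neutral variant); this model deliberately leaves that out.

```python
"""Stateless 1:1 IPv6 prefix translation for a multihomed edge.

Added example, not code from the original post or any NANOG project.
Prefixes below are made-up documentation/ULA ranges.  This is pure 1:1
address rewriting with no port translation and no checksum-neutral
adjustment, so it models the post's proposal, not RFC 6296 NPTv6.
"""
import ipaddress


class PrefixTranslator:
    def __init__(self, inside_prefix, outside_prefixes):
        self.inside = ipaddress.IPv6Network(inside_prefix)
        self.outside = {}   # provider name -> IPv6Network (PA space)
        self.link_up = {}   # provider name -> bool, fed by a liveness check
        for name, prefix in outside_prefixes.items():
            self.set_outside(name, prefix)

    def set_outside(self, provider, prefix):
        """Install or replace a provider's outside prefix.

        Changing this mapping is the entire "renumbering" operation: the
        inside addressing (DHCP ranges, printers, load balancer configs)
        never changes.
        """
        net = ipaddress.IPv6Network(prefix)
        # Same prefix length inside and out is what makes a stateless
        # rewrite possible: the host bits map across untouched.
        if net.prefixlen != self.inside.prefixlen:
            raise ValueError(
                f"{prefix} is /{net.prefixlen}, need /{self.inside.prefixlen}")
        self.outside[provider] = net
        self.link_up.setdefault(provider, True)

    @staticmethod
    def _rewrite(addr, src, dst):
        """Swap src's prefix bits for dst's; host bits are copied verbatim."""
        addr = ipaddress.IPv6Address(addr)
        if addr not in src:
            raise ValueError(f"{addr} is not inside {src}")
        host_mask = (1 << (128 - src.prefixlen)) - 1
        return ipaddress.IPv6Address(
            int(dst.network_address) | (int(addr) & host_mask))

    def set_link(self, provider, up):
        """Liveness input, e.g. from a keepalive to the provider's router."""
        self.link_up[provider] = up

    def choose_provider(self, inside_addr):
        """Deterministic per-subnet split across the providers that are up.

        Assumes a /48 inside prefix: the 16-bit subnet ID (bits 48-63)
        selects the upstream, so each internal subnet consistently leaves
        via one provider and fails over when that provider goes down.
        """
        up = sorted(p for p, ok in self.link_up.items() if ok)
        if not up:
            raise RuntimeError("no upstream is up")
        subnet_id = (int(ipaddress.IPv6Address(inside_addr)) >> 64) & 0xFFFF
        return up[subnet_id % len(up)]

    def outbound(self, inside_addr, provider=None):
        """Translate an inside source address into a provider's PA space."""
        provider = provider or self.choose_provider(inside_addr)
        return provider, self._rewrite(inside_addr, self.inside,
                                       self.outside[provider])

    def inbound(self, outside_addr):
        """Map an external destination back to the inside host.

        Because nothing is multiplexed on ports, every outside address
        maps to exactly one inside host with no connection state.
        """
        addr = ipaddress.IPv6Address(outside_addr)
        for provider, net in self.outside.items():
            if addr in net:
                return provider, self._rewrite(addr, net, self.inside)
        raise ValueError(f"{addr} is not in any provider prefix")


if __name__ == "__main__":
    nat = PrefixTranslator("fd00:1234:5678::/48",
                           {"A": "2001:db8:a::/48", "B": "2001:db8:b::/48"})
    print(nat.outbound("fd00:1234:5678:10::25"))      # subnet 0x10 -> A
    print(nat.outbound("fd00:1234:5678:11::25"))      # subnet 0x11 -> B
    nat.set_link("A", False)                           # provider A link down
    print(nat.outbound("fd00:1234:5678:10::25"))      # fails over to B
    print(nat.inbound("2001:db8:b:11::25"))           # reverse map, no state
    nat.set_outside("A", "2001:db8:aa::/48")          # "renumber" provider A
    print(nat.outbound("fd00:1234:5678:10::25", "A"))
```

The model keeps no per-flow table at all: outbound and inbound are both pure functions of the address and the prefix map, which is exactly why exposed services and incoming connections are simpler here than with port-based NAT. The DNS side the post mentions (publishing each exposed service under its current outside addresses) is left out; it would sit on top of `outbound` with a fixed provider per published record.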

