[141850] in North American Network Operators' Group
Re: Question about migrating to IPv6 with multiple upstreams.
daemon@ATHENA.MIT.EDU (Randy Carpenter)
Sun Jun 12 14:46:16 2011
From: Randy Carpenter <rcarpen@network1.net>
In-Reply-To: <9D8AED84-6BC6-4795-8A7E-CCEB70D24BE2@dds.nl>
Date: Sun, 12 Jun 2011 14:46:12 -0400 (EDT)
To: Seth Mos <seth.mos@dds.nl>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Prefix translation looks to be exactly what we need to do here. Thanks for a=
ll of the replies.
-Randy
On Jun 12, 2011, at 2:42, Seth Mos <seth.mos@dds.nl> wrote:
>=20
> Op 12 jun 2011, om 03:50 heeft Randy Carpenter het volgende geschreven:
>=20
>>=20
>> I have an interesting situation at a business that I am working on. We cu=
rrently have the office set up with redundant connections for their mission c=
ritical servers and such, and also have a (cheap) cable modem for general br=
owsing on client machines.
>=20
> So basically policy routing?
>=20
>> The interesting part is that the client machines need to access some cust=
omer networks via the main redundant network, so we have a firewall set up t=
o route those connections via the redundant connections, and everything else=
via the cheaper, faster cable modem. NAT is used on both outbound connectio=
ns.
>=20
> Yep that sounds like policy routing.
>=20
>> With IPv6, we are having some trouble coming up with a way to do this. Si=
nce there is no NAT, does anyone have any ideas as to how this could be acco=
mplished?
>=20
> Sure there is NAT, you can use prefix translation to translate your Global=
Address Range from the redundant ISP to the Cable ISP Global address range w=
hen leaving that interface. I've run a similar setup with 3 independent ISPs=
with IPv6 netblocks.
>=20
> Whichever connection the traffic went out it got the right GUA mapped onto=
it. Note that this is 1:1 NAT and not N:1.
>=20
> In my case there was no primary GUA range, I used a ULA on the LAN side of=
things, and mapped the corresponding GUA onto it when leaving the network. I=
had 3 rules, 1 for each WAN and mapped the ULA/56 to the GUA/56.
>=20
> In your case you already have a primary connection of sorts, so I'd sugges=
t using that on the LAN side and only map the other GUA onto it when it leav=
es the other interfaces.
>=20
> The policy routing rules on your firewall can make all the routing decissi=
ons for you.
>=20
> If you search google for "IPv6 network prefix translation" there will be a=
firewall listed that can do this somewhere in the middle of the page.
>=20
> Cheers,
>=20
> Seth
>=20
