[141901] in North American Network Operators' Group


Re: Question about migrating to IPv6 with multiple upstreams.

daemon@ATHENA.MIT.EDU (Owen DeLong)
Mon Jun 13 20:50:20 2011

From: Owen DeLong <owen@delong.com>
In-Reply-To: <235F63FB-5C21-44B4-9F67-4B561E9B91D6@network1.net>
Date: Mon, 13 Jun 2011 17:48:06 -0700
To: Randy Carpenter <rcarpen@network1.net>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

The vastly better option is to obtain a prefix and ASN from ARIN and merely trade BGP with your upstream providers.

Prefix translation comes with all the same disabilities that are present when you do this in IPv4.

In IPv4, everyone's software expects you to have a broken network (NAT) and there is lots of extra code in all of the applications to work around this.

In IPv6, it is not unlikely that this code will eventually get removed and you will then have a high level of application problems in your "prefix-translated" environment.

Owen

On Jun 12, 2011, at 11:46 AM, Randy Carpenter wrote:

> Prefix translation looks to be exactly what we need to do here. Thanks for all of the replies.
>
> -Randy
>
> On Jun 12, 2011, at 2:42, Seth Mos <seth.mos@dds.nl> wrote:
>
>> On 12 Jun 2011, at 03:50, Randy Carpenter wrote:
>>
>>> I have an interesting situation at a business that I am working on. We currently have the office set up with redundant connections for their mission critical servers and such, and also have a (cheap) cable modem for general browsing on client machines.
>>
>> So basically policy routing?
>>
>>> The interesting part is that the client machines need to access some customer networks via the main redundant network, so we have a firewall set up to route those connections via the redundant connections, and everything else via the cheaper, faster cable modem. NAT is used on both outbound connections.
>>
>> Yep that sounds like policy routing.
>>
>>> With IPv6, we are having some trouble coming up with a way to do this. Since there is no NAT, does anyone have any ideas as to how this could be accomplished?
>>
>> Sure there is NAT, you can use prefix translation to translate your Global Address Range from the redundant ISP to the Cable ISP Global address range when leaving that interface. I've run a similar setup with 3 independent ISPs with IPv6 netblocks.
>>
>> Whichever connection the traffic went out it got the right GUA mapped onto it. Note that this is 1:1 NAT and not N:1.
>>
>> In my case there was no primary GUA range, I used a ULA on the LAN side of things, and mapped the corresponding GUA onto it when leaving the network. I had 3 rules, 1 for each WAN and mapped the ULA/56 to the GUA/56.
>>
>> In your case you already have a primary connection of sorts, so I'd suggest using that on the LAN side and only map the other GUA onto it when it leaves the other interfaces.
>>
>> The policy routing rules on your firewall can make all the routing decisions for you.
>>
>> If you search Google for "IPv6 network prefix translation" there will be a firewall listed that can do this somewhere in the middle of the page.
>>
>> Cheers,
>>
>> Seth
>>
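
The 1:1 mapping described in the quoted message (one ULA/56 on the LAN, rewritten to a different GUA/56 on each WAN), sketched as an added example that is not part of the original thread or any firewall's own code. All prefixes are constructed (documentation range), the function names are hypothetical, and the rewrite is plain prefix substitution, not the checksum-neutral algorithm of RFC 6296.

```python
import ipaddress

# Constructed sample prefixes (assumptions): one ULA /56 on the LAN and a
# documentation-range /56 standing in for each ISP's GUA delegation.
LAN_ULA = ipaddress.IPv6Network("fd12:3456:789a:ab00::/56")
WAN_GUA = {
    "wan1": ipaddress.IPv6Network("2001:db8:aa:1100::/56"),
    "wan2": ipaddress.IPv6Network("2001:db8:bb:2200::/56"),
    "wan3": ipaddress.IPv6Network("2001:db8:cc:3300::/56"),
}


def swap_prefix(addr, src_net, dst_net):
    """Replace the src_net prefix bits of addr with dst_net's prefix bits.

    The subnet and interface-identifier bits are kept, so the mapping is
    stateless and exactly reversible (1:1, not N:1).
    """
    addr = ipaddress.IPv6Address(addr)
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 translation needs equal prefix lengths")
    if addr not in src_net:
        raise ValueError(f"{addr} is outside {src_net}")
    low_bits = int(addr) & int(src_net.hostmask)
    return ipaddress.IPv6Address(int(dst_net.network_address) | low_bits)


def outbound(src, wan):
    """Rewrite a LAN source address as it leaves the chosen WAN interface."""
    return swap_prefix(src, LAN_ULA, WAN_GUA[wan])


def inbound(dst, wan):
    """Rewrite a destination address arriving on a WAN back to the LAN ULA."""
    return swap_prefix(dst, WAN_GUA[wan], LAN_ULA)


if __name__ == "__main__":
    host = "fd12:3456:789a:ab07::25"  # constructed LAN host in subnet 0x07
    for wan in WAN_GUA:
        outside = outbound(host, wan)
        print(wan, host, "->", outside, "->", inbound(outside, wan))
```

Because the mapping is stateless and 1:1, every LAN host has a fixed, predictable address on each WAN, so inbound filtering has to come from explicit firewall rules rather than from the translation itself.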


