[181801] in North American Network Operators' Group
Re: Dual stack IPv6 for IPv4 depletion
daemon@ATHENA.MIT.EDU (Mel Beckman)
Sun Jul 5 10:12:41 2015
X-Original-To: nanog@nanog.org
From: Mel Beckman <mel@beckman.org>
To: Josh Moore <jmoore@atcnetworks.net>
Date: Sun, 5 Jul 2015 14:12:37 +0000
In-Reply-To: <5C7F49B5-B5D8-4F50-9B22-A5590253BFE3@atcnetworks.net>
Cc: "johnl@iecc.com" <johnl@iecc.com>, "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Josh,
Your job is simple, then. Deliver dual-stack to your customers and if they =
want IPv6 they need only get an IPv6-enabled firewall. Unless you're also a=
n IT consultant to your customers, your job is done. If you already supply =
the CPE firewall, then you need only turn on IPv6 for customers who request=
it. With the right kind of CPE, you can run MPLS or EoIP and deliver publi=
c IPv4 /32s to customers willing to pay for them. Otherwise it's private IP=
v4 and NAT as usual for IPv4 traffic.=20
-mel via cell
> On Jul 5, 2015, at 6:57 AM, Josh Moore <jmoore@atcnetworks.net> wrote:
>=20
> We are the ISP and I have a /32 :)
>=20
> I'm simply looking at the best strategy for migrating my subscribers off =
v4 from the perspective of solving the address utilization crisis while sti=
ll providing compatibility for those one-off sites and services that are st=
ill on v4.
>=20
>=20
>=20
>=20
> Thanks,
>=20
> Joshua Moore
> Network Engineer
> ATC Broadband
> 912.632.3161
>=20
> On Jul 5, 2015, at 9:55 AM, Mel Beckman <mel@beckman.org> wrote:
>=20
>>>=20
>>> Josh Moore wrote:
>>>=20
>>> Tunnels behind a CPE and 4to6 NAT seem like bandaid fixes as they do no=
t give the benefit of true end to end IPv6 connectivity in the sense of eve=
ry device has a one to one global address mapping.
>>=20
>> No, tunnels do give you one to one global IPv6 address mapping for every=
device. From a testing perspective, a tunnelbroker works just as if you h=
ad a second IPv6-only ISP. If you're fortunate enough to have a dual-stack =
ISP already, you can forgo tunneling altogether and just use an IPv6-capabl=
e border firewall.=20
>>=20
>> William Waites wrote:
>>> I was helping my
>>> friend who likes Apple things connect to the local community
>>> network. He wanted to use an Airport as his home gateway rather than
>>> the router that we normally use. Turns out these things can *only* do
>>> IPv6 with tunnels and cannot do IPv6 on PPPoE. Go figure. So there is
>>> not exactly a clear path to native IPv6 for your lab this way.
>>=20
>> Nobody is recommending the Apple router as a border firewall. It's terri=
ble for that. But it's a ready-to-go tunnelbroker gateway. If your ISP can'=
t deliver IPv6, tunneling is the clear path to building a lab. If you have =
a dual-stack ISP already, the clear path is to use an IPv6-capable border f=
irewall.=20
>>=20
>> So you are in a maze of non-twisty paths, all alike :)
