[181805] in North American Network Operators' Group
Re: Dual stack IPv6 for IPv4 depletion
daemon@ATHENA.MIT.EDU (Mel Beckman)
Sun Jul 5 10:47:20 2015
X-Original-To: nanog@nanog.org
From: Mel Beckman <mel@beckman.org>
To: Mike Hammett <nanog@ics-il.net>
Date: Sun, 5 Jul 2015 14:47:14 +0000
In-Reply-To: <599500055.150.1436106852275.JavaMail.mhammett@ThunderFuck>
Cc: Nanog <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
That's only an issue if you distribute a public IPv4 address to each custom=
er. If you use private addressing in the core, ordinary NAT works if you're=
not a carrier-grade provider, and even then it can be practical in many ca=
ses. CGN is a solution for providers not willing to migrate to a private co=
re.=20
-mel beckman
> On Jul 5, 2015, at 7:35 AM, Mike Hammett <nanog@ics-il.net> wrote:
>=20
> I believe he (at least someone) was looking for recommendations to CGN ty=
pe devices. Many can do NAT, but looking for something a bit more intellige=
nt. Your standard residential user may not understand, but would also be un=
willing to pay any difference.=20
>=20
>=20
>=20
>=20
> -----=20
> Mike Hammett=20
> Intelligent Computing Solutions=20
> http://www.ics-il.com=20
>=20
> ----- Original Message -----
>=20
> From: "Mel Beckman" <mel@beckman.org>=20
> To: "Josh Moore" <jmoore@atcnetworks.net>=20
> Cc: johnl@iecc.com, nanog@nanog.org=20
> Sent: Sunday, July 5, 2015 9:12:37 AM=20
> Subject: Re: Dual stack IPv6 for IPv4 depletion=20
>=20
> Josh,=20
>=20
> Your job is simple, then. Deliver dual-stack to your customers and if the=
y want IPv6 they need only get an IPv6-enabled firewall. Unless you're also=
an IT consultant to your customers, your job is done. If you already suppl=
y the CPE firewall, then you need only turn on IPv6 for customers who reque=
st it. With the right kind of CPE, you can run MPLS or EoIP and deliver pub=
lic IPv4 /32s to customers willing to pay for them. Otherwise it's private =
IPv4 and NAT as usual for IPv4 traffic.=20
>=20
> -mel via cell=20
>=20
>> On Jul 5, 2015, at 6:57 AM, Josh Moore <jmoore@atcnetworks.net> wrote:=20
>>=20
>> We are the ISP and I have a /32 :)=20
>>=20
>> I'm simply looking at the best strategy for migrating my subscribers off=
v4 from the perspective of solving the address utilization crisis while st=
ill providing compatibility for those one-off sites and services that are s=
till on v4.=20
>>=20
>>=20
>>=20
>>=20
>> Thanks,=20
>>=20
>> Joshua Moore=20
>> Network Engineer=20
>> ATC Broadband=20
>> 912.632.3161=20
>>=20
>> On Jul 5, 2015, at 9:55 AM, Mel Beckman <mel@beckman.org> wrote:=20
>>=20
>>>>=20
>>>> Josh Moore wrote:=20
>>>>=20
>>>> Tunnels behind a CPE and 4to6 NAT seem like bandaid fixes as they do n=
ot give the benefit of true end to end IPv6 connectivity in the sense of ev=
ery device has a one to one global address mapping.
>>>=20
>>> No, tunnels do give you one to one global IPv6 address mapping for ever=
y device. From a testing perspective, a tunnelbroker works just as if you h=
ad a second IPv6-only ISP. If you're fortunate enough to have a dual-stack =
ISP already, you can forgo tunneling altogether and just use an IPv6-capabl=
e border firewall.=20
>>>=20
>>> William Waites wrote:=20
>>>> I was helping my=20
>>>> friend who likes Apple things connect to the local community=20
>>>> network. He wanted to use an Airport as his home gateway rather than=20
>>>> the router that we normally use. Turns out these things can *only* do=
=20
>>>> IPv6 with tunnels and cannot do IPv6 on PPPoE. Go figure. So there is=
=20
>>>> not exactly a clear path to native IPv6 for your lab this way.
>>>=20
>>> Nobody is recommending the Apple router as a border firewall. It's terr=
ible for that. But it's a ready-to-go tunnelbroker gateway. If your ISP can=
't deliver IPv6, tunneling is the clear path to building a lab. If you have=
a dual-stack ISP already, the clear path is to use an IPv6-capable border =
firewall.=20
>>>=20
>>> So you are in a maze of non-twisty paths, all alike :)
>=20
