[181810] in North American Network Operators' Group
Re: Dual stack IPv6 for IPv4 depletion
daemon@ATHENA.MIT.EDU (Mel Beckman)
Sun Jul 5 11:35:15 2015
X-Original-To: nanog@nanog.org
From: Mel Beckman <mel@beckman.org>
To: Mike Hammett <nanog@ics-il.net>
Date: Sun, 5 Jul 2015 15:35:10 +0000
In-Reply-To: <222712908.245.1436107724025.JavaMail.mhammett@ThunderFuck>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
I guess the WISPs I advise get better advice :)
-mel via cell
> On Jul 5, 2015, at 7:51 AM, Mike Hammett <nanog@ics-il.net> wrote:
>
> You must know different WISPs than I know (and I know hundreds). Most WISPs use IPv4 publicly, no IPv6 and don't have any boxes capable of synced NAT tables.
>
> -----
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest Internet Exchange
> http://www.midwest-ix.com
>
> ----- Original Message -----
>
> From: "Mel Beckman" <mel@beckman.org>
> To: "Josh Moore" <jmoore@atcnetworks.net>
> Cc: johnl@iecc.com, nanog@nanog.org
> Sent: Sunday, July 5, 2015 9:43:40 AM
> Subject: Re: Dual stack IPv6 for IPv4 depletion
>
> WISPs have been good at solving this, as they are often deploying greenfield networks. They use private IPv4 internally and NAT IPv4 at multiple exit points. IPv6 is seamlessly redundant, since customers all receive global /64s; BGP handles failover. If you home multiple upstream providers on a single NAT gateway hardware stack, redundancy is also seamless, since your NAT tables are synced across redundant stack members. If you have separate stacks, or even sites, IPv4 can fail over to an alternate NAT Border gateway but will lose session contexts, unless you go to the trouble of syncing the gateways. Most WISPs don't.
>
> -mel beckman
>
>> On Jul 5, 2015, at 7:25 AM, Josh Moore <jmoore@atcnetworks.net> wrote:
>>
>> So the question is: where do you perform the NAT and how can it be redundant?
>>
>> Thanks,
>>
>> Joshua Moore
>> Network Engineer
>> ATC Broadband
>> 912.632.3161
>>
>>> On Jul 5, 2015, at 10:12 AM, Mel Beckman <mel@beckman.org> wrote:
>>>
>>> Josh,
>>>
>>> Your job is simple, then. Deliver dual-stack to your customers and if they want IPv6 they need only get an IPv6-enabled firewall. Unless you're also an IT consultant to your customers, your job is done. If you already supply the CPE firewall, then you need only turn on IPv6 for customers who request it. With the right kind of CPE, you can run MPLS or EoIP and deliver public IPv4 /32s to customers willing to pay for them. Otherwise it's private IPv4 and NAT as usual for IPv4 traffic.
>>>
>>> -mel via cell
>>>
>>>> On Jul 5, 2015, at 6:57 AM, Josh Moore <jmoore@atcnetworks.net> wrote:
>>>>
>>>> We are the ISP and I have a /32 :)
>>>>
>>>> I'm simply looking at the best strategy for migrating my subscribers off v4 from the perspective of solving the address utilization crisis while still providing compatibility for those one-off sites and services that are still on v4.
>>>>
>>>> Thanks,
>>>>
>>>> Joshua Moore
>>>> Network Engineer
>>>> ATC Broadband
>>>> 912.632.3161
>>>>
>>>> On Jul 5, 2015, at 9:55 AM, Mel Beckman <mel@beckman.org> wrote:
>>>>
>>>>>>
>>>>>> Josh Moore wrote:
>>>>>>
>>>>>> Tunnels behind a CPE and 4to6 NAT seem like bandaid fixes as they do not give the benefit of true end to end IPv6 connectivity in the sense of every device has a one to one global address mapping.
>>>>>
>>>>> No, tunnels do give you one to one global IPv6 address mapping for every device. From a testing perspective, a tunnelbroker works just as if you had a second IPv6-only ISP. If you're fortunate enough to have a dual-stack ISP already, you can forgo tunneling altogether and just use an IPv6-capable border firewall.
>>>>>
>>>>> William Waites wrote:
>>>>>> I was helping my
>>>>>> friend who likes Apple things connect to the local community
>>>>>> network. He wanted to use an Airport as his home gateway rather than
>>>>>> the router that we normally use. Turns out these things can *only* do
>>>>>> IPv6 with tunnels and cannot do IPv6 on PPPoE. Go figure. So there is
>>>>>> not exactly a clear path to native IPv6 for your lab this way.
>>>>>
>>>>> Nobody is recommending the Apple router as a border firewall. It's terrible for that. But it's a ready-to-go tunnelbroker gateway. If your ISP can't deliver IPv6, tunneling is the clear path to building a lab. If you have a dual-stack ISP already, the clear path is to use an IPv6-capable border firewall.
>>>>>
>>>>> So you are in a maze of non-twisty paths, all alike :)