Consumer Grade - IPV6 Enabled Router Firewalls.

Mark Newton newton at internode.com.au
Sun Dec 13 20:16:31 UTC 2009


On 13/12/2009, at 10:10 AM, Frank Bulk wrote:

> While the support burden will be raised, I think the network needs to be
> dual-stack from end-to-end if SPs want to keep middle-boxes out.  But for
> those who really do run out of IPv4 addresses, I'm not sure how middle-boxes
> can be avoided.  Kind of hard to tell customer n+1 that they can only visit
> the IPv6 part of the web.  Perhaps new customers will have to use a service
> provider's CGN and share IPv4 addresses until enough of the internet is
> dual-stack.


The most likely outcome I can see is that customers on services which 
feature dynamic IPv4 addresses (mostly residential) will end up behind
a CGN on a dual stack service.

I fully expect the CGN to suck mightily, mitigated somewhat by the fact
that the customer would also happen to have a non-NATted IPv6 address
if they upgrade their CPE to take advantage of it.

Despite the suckage, as long as email, web and VoIP keep working I think
most residential customers wouldn't notice the CGN imposition at all.

The act of putting those customers behind a CGN would immediately free
up enough IPv4 addresses that the ISP concerned would have a virtually
limitless supply for fixed-IP business-grade services -- "virtually"
limitless in the sense that there'd be enough to feed those services
with new addresses for however much time it takes to complete an IPv6
transition.

How long will that take?  I don't think it'll be anywhere near as long
as most people appear to be expecting.  Sure, there'll be a large 
installed base of printers and home entertainment devices running legacy
IPv4-only software, but by and large they either don't need Internet
access at all or are quite happy talking to the world through NAT, and
can be mostly ignored for the purpose of a discussion about transition
durations (in the same way that we ignored all the HP JetDirect cards
when we talked about how long it took to turn the Internet classless).

I reckon CGNs will be so bad, with so many bugs and so much support
overhead that service providers and customers alike will want
to move past them as quickly as humanly possible, and the whole 
transition will be all done and dusted in a few years from their 
implementation.  It's going to be a total and absolute disaster, and
the only way out of it will be to move forward.

Of course, all of this is predicated on the notion that CGNs will
actually exist.  As far as I can tell they're all vapourware at the 
moment.  If there's one thing I've learned from all of this it's that
roadmap announcements aren't worth anything, and that if the vendors
ever do actually manage to get around to shipping something it'll
be so poorly thought out that it's impractical to use in a service 
provider environment until version 2 -- which, in the case of CGN,
will be too late.

  - mark

--
Mark Newton                               Email:  newton at internode.com.au (W)
Network Engineer                          Email:  newton at atdot.dotat.org  (H)
Internode Pty Ltd                         Desk:   +61-8-82282999
"Network Man" - Anagram of "Mark Newton"  Mobile: +61-416-202-223








