Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses)

George Bonser gbonser at seven.com
Fri Oct 22 02:21:41 UTC 2010


> How do you do that for IPv4... There's nothing new here. The failure
> modes are identical and your NAT box in IPv4 doesn't protect you from
> this any better.

With IPv4 I don't generally use two sets of prefixes for the same
traffic from the same site to the Internet unless there is some sort of
appliance in the path that somehow decides the "best" one to use for NAT
and even then I am not convinced of such a device's utility in a general
purpose sense.  There might be corner cases where such an option is
useful, though.  I was making the point that trying to use two prefixes
for the same traffic from the same site as some sort of redundancy
doesn't really offer it because it only offers relief if your link to
the provider drops.  There are all sorts of other problems that can
happen out on "the net" to make one prefix reachable but the other one
not reachable from a remote site.  Multihoming the same prefix from two
providers is generally more reliable because if the remote network can
"see" either provider, you are good and traffic can "fail over" from
provider A to provider B in the course of a transaction without
disruption.

To recap, this tangent of the original thread was about the typical
practice at small offices without a lot of network savvy to number the
network in 1918 space and use a NAT at the Internet edge.  To change
providers, you simply change the NAT pool and you are done.

With v6, while changing prefixes is easy for some gear, other gear is
not so easy.  If you number your entire network in Provider A's space,
you might have more trouble renumbering into Provider B's space because
now you have to change your DHCP ranges, probably visit printers, fax
machines, wireless gateways, etc. and renumber those, etc.  And some
production boxes that you might have in the office data center are
probably best left at a static IP address, particularly if they are
fronted by a load balancer where their IP is manually configured.

The complaint was that there is no equivalent in v6 and that someone is
probably going to build and sell one and we will be right back in the
same situation with v6 with networks in ULA space being NATed at the
edge.  People aren't going to want very much of their network
infrastructure support tied to a provider's IP space.
 
The small operation, of which there are millions in this country, cannot
justify the expense of multihoming for the sole reason of having an IP
address range that doesn't change.  As soon as the same configuration
currently used is available for v6, you will see mass adoption of it.
The lack of this currently in the market is probably one of the major
drags on the adoption of v6 in the small office environment.  People
just do not want to number their internal network into PA space and
can't justify the requirements to get PI space.

> In fact, even multihomed BGP doesn't protect you from this unless
> you're taking a full table (which is a lot more practical in IPv6 than
> IPv4).
>
> Owen




