Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses)

Leo Bicknell bicknell at ufp.org
Fri Oct 22 02:53:20 UTC 2010


In a message written on Thu, Oct 21, 2010 at 07:21:41PM -0700, George Bonser wrote:
> With v6, while changing prefixes is easy for some gear, other gear is
> not so easy.  If you number your entire network in Provider A's space,
> you might have more trouble renumbering into Provider B's space because
> now you have to change your DHCP ranges, probably visit printers, fax
> machines, wireless gateways, etc. and renumber those, etc.  And some
> production boxes that you might have in the office data center are
> probably best left at a static IP address, particularly if they are
> fronted by a load balancer where their IP is manually configured.
> 
> The complaint was that there is no equivalent in v6 and that someone is
> probably going to build and sell one and we will be right back in the
> same situation with v6 with networks in ULA space being NATed at the
> edge.  People aren't going to want very much of their network
> infrastructure support tied to a provider's IP space.

It would seem to me there is a market for a "new sort of NAT" with
IPv6.  That is, the technology is not new, but it's a model we can't
do in IPv4.

If you could number your internal network out of some IPv6 space
(possibly 1918 style, possibly not), probably a /48, and then get
from your two (or more) upstreams /48's of PA space you could do
1:1 NAT.  No PAT, just pure address translation, 1:1.

You can "renumber" by configuring a new outside translation.  The
NAT box can do the load distribution functions discussed here, some
users out one provider, others out the second provider.  There is
no port complication, so incoming connections are much simpler.

It's a vast improvement over the port based mess we have now, and
provides an interesting way to "multihome" at the edge.  If we could get
a simple protocol, in the model of UDLD, to go NAT box to provider router
to establish that it was up, and a little bit of DNS software magic to
make it easier to manage the external addresses appearing in DNS for
exposed services, this could solve the vast majority of small site
multihoming needs.

What makes it all possible is the same prefix length internally and
from all providers.  It's a reason why /48 could be important.

Given all the effort put into "better" multihoming in IPv6 I'm really
surprised this simple solution which basically exists in code today
(porting an IPv4 NAT to IPv6, if there is no PAT, is easy).

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
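The mechanism Leo sketches above, an internal /48 rewritten 1:1 into whichever upstream's /48 is in use, can be shown in a few dozen lines. The following is an added illustration, not code from the post or from any NANOG participant; the prefixes (a ULA-style fd00::/48 inside, two 2001:db8::/48 documentation prefixes standing in for the provider-assigned space), the `PrefixNat` class and its parity-based load-spreading policy are all constructed for this example. Only the top 48 bits change; subnet ID and interface ID pass through, so every inside address has exactly one outside address per provider and inbound packets map back without any per-flow or per-port state. The same idea was later written up as NPTv6 (RFC 6296).

```python
"""Toy stateless 1:1 IPv6 prefix translator (constructed example, not production code)."""
import ipaddress

IPv6Net = ipaddress.IPv6Network
IPv6Addr = ipaddress.IPv6Address

# Constructed prefixes. fd00::/8 is the ULA-style internal block; 2001:db8::/32 is the
# documentation range and stands in for the two providers' PA /48 assignments.
INTERNAL = IPv6Net("fd00:1234:5678::/48")
PROVIDER_A = IPv6Net("2001:db8:aaaa::/48")
PROVIDER_B = IPv6Net("2001:db8:bbbb::/48")


def translate(addr, src, dst):
    """Rewrite the top `src.prefixlen` bits of `addr` from prefix `src` to prefix `dst`.

    The low (128 - prefixlen) bits, i.e. subnet ID and interface ID, are copied
    unchanged. This is why the post insists on equal prefix lengths inside and
    from every provider: with a /48 on both sides the mapping is a pure bit
    substitution, 1:1 in both directions, with no ports and no state.
    """
    a = IPv6Addr(addr)
    if src.prefixlen != dst.prefixlen:
        raise ValueError(f"prefix lengths differ: /{src.prefixlen} vs /{dst.prefixlen}")
    if a not in src:
        raise ValueError(f"{a} is not inside {src}")
    host_mask = (1 << (128 - src.prefixlen)) - 1
    return IPv6Addr((int(dst.network_address) & ~host_mask) | (int(a) & host_mask))


class PrefixNat:
    """Edge box with one inside /48 and one outside /48 per upstream (hypothetical)."""

    def __init__(self, inside, upstreams):
        self.inside = inside
        self.upstreams = dict(upstreams)               # name -> outside prefix
        # Liveness per upstream; a UDLD-like probe to the provider router would set these.
        self.up = {name: True for name in upstreams}

    def choose_upstream(self, inside_addr):
        """Spread inside /64s across live upstreams by subnet-ID parity; fail over if one is down."""
        live = [name for name, ok in self.up.items() if ok]
        if not live:
            raise RuntimeError("no upstream is up")
        # Bits 48..63 of a /48 address are the 16-bit subnet ID.
        subnet_id = (int(IPv6Addr(inside_addr)) >> 64) & 0xFFFF
        return live[subnet_id % len(live)]

    def outbound(self, inside_addr):
        """Pick an upstream for an inside source and return (upstream, translated source)."""
        name = self.choose_upstream(inside_addr)
        return name, translate(inside_addr, self.inside, self.upstreams[name])

    def inbound(self, outside_addr):
        """Map a destination seen on the outside back to the inside host, stateless."""
        a = IPv6Addr(outside_addr)
        for name, prefix in self.upstreams.items():
            if a in prefix:
                return name, translate(a, prefix, self.inside)
        raise ValueError(f"{a} is not in any upstream prefix")


if __name__ == "__main__":
    nat = PrefixNat(INTERNAL, {"A": PROVIDER_A, "B": PROVIDER_B})
    for host in ("fd00:1234:5678:1::10", "fd00:1234:5678:2::20"):
        via, out = nat.outbound(host)
        print(f"{host} -> {out} via {via}; back: {nat.inbound(out)[1]}")
    nat.up["A"] = False                                 # provider A link goes down
    print("A down:", nat.outbound("fd00:1234:5678:2::20"))
```

"Renumbering" in this model is just replacing one entry in `upstreams`; the hosts, DHCP ranges and load-balancer configs inside keep their fd00:1234:5678::/48 addresses, and the DNS records for exposed services carry the outside address of whichever provider is live. A real box needs one thing the toy omits: IPv6 transport checksums cover the addresses, so a translator must either fix up every TCP/UDP/ICMPv6 checksum or choose the outside prefixes so the rewrite is checksum-neutral, which is what NPTv6 specifies.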