Question about migrating to IPv6 with multiple upstreams.

Ray Soucy rps at maine.edu
Tue Jun 14 17:52:47 UTC 2011


It's a security and operational issue.

The perception is that it's easier to monitor, manage, and filter one
address per host instead of 3.  For most in the enterprise world it's
a non-starter to have that setup; even if that perception is a false
one.

Not sure I have the energy to re-hash the tired old NAT debate though. ;-)

On Tue, Jun 14, 2011 at 1:38 PM,  <Valdis.Kletnieks at vt.edu> wrote:
> On Tue, 14 Jun 2011 13:04:11 EDT, Ray Soucy said:
>
>> A better solution; and the one I think that will be adopted in the
>> long term as soon as vendors come into the fold, is to swap out
>> RFC1918 with ULA addressing, and swap out PAT with NPT; then use
>> policy routing to handle load balancing and failover the way most
>> "dual WAN" multifunction firewalls do today.
>>
>> Example:
>>
>> Each provider provides a 48-bit prefix;
>>
>> Internally you use a ULA prefix; and setup prefix translation so that
>> the prefix gets swapped appropriately for each uplink interface.  This
>> provides the benefits of "NAT" used today; without the drawback of
>> having to do funky port rewriting and restricting incoming traffic to
>> mapped assignments or UPnP.
>
> Why do people insist on creating solutions where each host has exactly one IPv6
> address, instead of letting each host have *three* (in this case) - a ULA and
> two provider-prefixed addresses?
>



-- 
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/




More information about the NANOG mailing list