IPv6 allocation plan, security, and 6-to-4 conversion

Baldur Norddahl baldur.norddahl at gmail.com
Fri Jan 30 19:46:57 UTC 2015


Single stacking on IPv6 is nice in theory. In practice it just doesn't work
yet. If you as an ISP tried to force all your customers to be IPv6 single
stack, you would go bust.

Therefore the only option is dual stack. The IPv4 can be private address
space with carrier NAT - but you will need to give the users an IPv4 on
their internal network. Otherwise there is simply too much that breaks. But
you also want to give them IPv6, so they can escape your carrier NAT.

Since carrier NAT sucks, we are buying extra IPv4 addresses instead. We
still need to dual stack - our customers want both IPv4 and IPv6.

Currently it might even be cheaper to buy extra addresses compared to
implement carrier NAT. The equipment to do high speed NAT is not free and
neither is the extra support and operating complications.

Regards,

Baldur


On 30 January 2015 at 19:46, Tore Anderson <tore at fud.no> wrote:

> * Mel Beckman
>
> >    Um, haven't you heard that we are out of IPv4 addresses? The point
> > of IPv6 is to expand address space so that the Internet can keep
> > growing. Maybe you don't want to grow with it, but most people do.
> > Eventually IPv4 will be dropped and the Internet will be IPv6-only.
> > Dual-stack is just a convenient transition mechanism.
>
> Mel,
>
> Dual-stack was positioned to be a convenient transition mechanism 15
> years ago (to take the year when RFC 2893 was published). However, that
> train left the platform mostly empty years ago, when the first RIRs
> started to run out of IPv4 addresses. After all, we were supposed to
> have dual-stack everywhere *before* we ran out of IPv4. That didn't
> happen.
>
> The key point is: In order to run dual-stack, you need as many IPv4
> addresses as you do to run IPv4-only. Or to put it another way: If you
> don't have enough IPv4 addresses to run IPv4-only, then you don't have
> enough IPv4 addresses to run dual-stack either.
>
> Sure, you can squeeze some more life-time out of IPv4 by adding more
> NAT (something which is completely orthogonal to deploying IPv6
> simultaneously). However, if you're already out of IPv4, and you
> already see no way forward except adding NAT, then you should seriously
> consider doing the NAT (or whatever backwards compat mechanism
> you prefer) between the residual IPv4 internet and your IPv6
> infrastructure, instead of doing it between IPv4 and IPv4.
>
> Running single-stack is simply much easier and less complex than
> dual-stack, and once your infrastructure is based on an IPv6-only
> foundation, you don't have to bother with any IPv4->IPv6 transition
> project ever again.
>
> Tore
>



More information about the NANOG mailing list