IPV6 renumbering painless?
Leo Bicknell
bicknell at ufp.org
Thu Nov 11 16:37:53 UTC 2004
In a message written on Thu, Nov 11, 2004 at 04:22:28PM +0000, Michael.Dillon at radianz.com wrote:
> Correct me if I'm wrong, but doesn't IPv6 do away
> with the need to renumber when switching providers?
> So if RFC 2462 is right, and you use DNS outside
> your network and you update that DNS at the moment
> of switching providers, everything on your network
> automatically acquires new IPv6 globally routable
> addresses as soon as the gateway router is connected
> to the new provider. Seems to me that with a little
> bit of help from a "Change providers" tool, this
> would be virtually painless without the need to
> own or announce a small globally unique prefix.
That is how it has been designed, however there are some practical
problems with this system:
- Until very recently DNS software did not support A6 records at
all, and "chain" support for A6 records still seems to be a work
in progress.
- I presume the problem with using DNS to find your DNS servers is
obvious, so you probably still need a mechanism (static config,
DHCP) to push out nameserver addresses to all boxes at some point
in the cut over.
- This solution works only to update the interface IP address on
a box, and does not address any of the other application
configurations that might need to be updated, including but not
limited to:
- ACL's on the box or routers to allow/disallow the new network.
- Network analysis tools to include the new network.
- IGP or BGP configuration to include the new network.
- Also note, if you are unable to have the two services overlap
(eg, must disconnect from the first, and then hours, days, weeks)
connect to the second you have the potential to lose access to
all your boxes locally in the mean time with this system. The
solution is some sort of site-local/1918/ula address overlay.
It is the last point that leads to the most interesting problem.
If you create a local overlay network to always maintain access to
your local boxes, then is it actually easier to push out an additional
IP address to every end box, and update your IGP, firewall rules,
and other configs, or is it easier to run NAT at the edge to convert
your local network to public IP's?
--
Leo Bicknell - bicknell at ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20041111/74733c61/attachment.sig>
More information about the NANOG
mailing list