Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)

Stephen Sprunk stephen at sprunk.org
Tue Oct 2 17:20:05 UTC 2007


Thus spake Duane Waddle
> On 10/2/07, Stephen Sprunk <stephen at sprunk.org> wrote:
>> If you think anyone will be deploying v6 without a stateful firewall,
>> you're delusional.  That battle is long over.  The best we can hope
>> for is that those personal firewalls won't do NAT as well.
>
> Vendor C claims to support v6 (without NAT) in their "enterprise
> class" stateful firewall appliance as of OS version 7.2 (or
> thereabouts, perhaps 7.0).  I've not tried it out yet to see how
> well it works.

Good for them.  Perhaps one day their Division L will wake up and do the same 
for consumer products.

> But, as far as the home/home office goes -- will my cable/dsl
> provider be able (willing?) to route a small v6 prefix to my home
> so that I can use a bitty-box stateful v6 firewall without NAT?
> What will be the cost to me, the home subscriber, to get said
> routable prefix?  I am sure it increases the operator's expense
> to route a prefix to most (if not every) broadband subscriber in
> an area.

Pricing is, of course, up to the vendors and operators in question.

One possibility is that your CPE box would do a DHCP PD request for a /64 
upstream, the /64 would come out of a pool for your POP.  As the response 
came back downstream from whatever box managed the pool, routers would 
install the /64 in their tables to make it reachable.  It wouldn't need to 
propagate any higher than the POP since the POP's routers would be 
advertising a constant aggregate for the pool into the core.

Another possibility is that the operator would assign a /48 (or /56) to your 
cable/DSL modem, which would handle the above functions at the home level 
instead of the POP level.  It would provide a /64 natively on its own 
interface, and delegate /64s to downstream devices on request.  If 
customer-owned CPE boxes did the same thing, you could chain hundreds of 
them together and have a network that Just Worked(tm).

> In the beginning, cable operators were reluctant to support home
> customers using NAT routers to share their access.

Of course -- they were used to charging per television.  However, they 
learned over time that they really wanted to charge for usage and the 
per-computer model didn't work like the per-television model did.  Now they 
don't care about how many computers you have, just how many bits you move. 
That's a good thing.

> Now, renting/selling NAT routers to customers has become a
> revenue stream for some.

I bet they break even at best on the rentals, given how often the darn 
things die.  One shipment and/or truck roll eliminates a year's profit 
margin on the equipment, even if the replacement box itself is free.

> How does lack of v6 NAT affect all of this?

It prevents them from being characteristically stupid.  However, I wouldn't 
be surprised if one or more of them demanded it from their vendors, though, 
or if their vendors caved to win a deal.

S

Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking 
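
The two delegation schemes described in the message above (a /64 per home from a POP pool, and a modem holding a /56 that hands /64s to chained CPE boxes), as an added example that is not part of the original post. The `Router` class, the box names and the 2001:db8::/32 documentation prefixes are constructed for illustration; the DHCPv6 message exchange itself is not modeled, only allocation and route installation along the reply path.

```python
import ipaddress

class Router:
    """A box that either owns a prefix pool or relays requests to its upstream."""
    def __init__(self, name, upstream=None, pool=None):
        self.name, self.upstream = name, upstream
        self.pool = ipaddress.IPv6Network(pool) if pool else None
        self._free = self.pool.subnets(new_prefix=64) if pool else iter(())
        self.routes = {}  # delegated /64 -> next hop toward the requester

    def request_prefix(self, requester):
        """Get a /64 for `requester`; every box on the reply path installs a route."""
        if self.pool is not None:
            prefix = next(self._free, None)
            if prefix is None:
                raise RuntimeError(f"{self.name}: pool {self.pool} exhausted")
        else:
            prefix = self.upstream.request_prefix(self.name)
        self.routes[prefix] = requester
        return prefix

    def advertised_upstream(self):
        """Pool owners announce one constant aggregate; relays add nothing."""
        return [self.pool] if self.pool is not None else []

def pop_scenario():
    # Constructed topology: pool manager at the POP, one access router, two homes.
    pop = Router("pop-pool", pool="2001:db8:100::/48")
    access = Router("access-1", upstream=pop)
    homes = [Router(f"cpe-{i}", upstream=access) for i in range(2)]
    prefixes = [h.request_prefix("lan") for h in homes]
    return pop, access, prefixes

def chain_scenario(depth=5):
    # Constructed topology: modem holds a /56, CPE boxes are chained behind it.
    modem = Router("modem", pool="2001:db8:200:ab00::/56")
    box, prefixes = modem, [modem.request_prefix("modem-lan")]
    for i in range(depth):
        box = Router(f"cpe-{i}", upstream=box)
        prefixes.append(box.request_prefix("lan"))
    return modem, box, prefixes

if __name__ == "__main__":
    pop, access, got = pop_scenario()
    print("core sees:", pop.advertised_upstream(), "POP routes:", len(pop.routes))
    modem, last, chain = chain_scenario()
    print("chained /64s:", [str(p) for p in chain])
```

Because every delegated /64 is globally routable and unique, a stateful firewall on each box can filter on the real prefixes in `routes` with no address translation in the path.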




