Question about migrating to IPv6 with multiple upstreams.

Owen DeLong owen at delong.com
Mon Jun 13 19:48:06 CDT 2011


The vastly better option is to obtain a prefix and ASN from ARIN and merely trade BGP with your
upstream providers.

Prefix translation comes with all the same disabilities that are present when you do this in IPv4.

In IPv4, everyone's software expects you to have a broken network (NAT) and there is lots of extra
code in all of the applications to work around this.

In IPv6, it is not unlikely that this code will eventually get removed and you will then have a high
level of application problems in your "prefix-translated" environment.

Owen

On Jun 12, 2011, at 11:46 AM, Randy Carpenter wrote:

> Prefix translation looks to be exactly what we need to do here. Thanks for all of the replies.
> 
> 
> -Randy
> 
> On Jun 12, 2011, at 2:42, Seth Mos <seth.mos at dds.nl> wrote:
> 
>> 
>> On 12 Jun 2011, at 03:50, Randy Carpenter wrote:
>> 
>>> 
>>> I have an interesting situation at a business that I am working on. We currently have the office set up with redundant connections for their mission critical servers and such, and also have a (cheap) cable modem for general browsing on client machines.
>> 
>> So basically policy routing?
>> 
>>> The interesting part is that the client machines need to access some customer networks via the main redundant network, so we have a firewall set up to route those connections via the redundant connections, and everything else via the cheaper, faster cable modem. NAT is used on both outbound connections.
>> 
>> Yep that sounds like policy routing.
>> 
>>> With IPv6, we are having some trouble coming up with a way to do this. Since there is no NAT, does anyone have any ideas as to how this could be accomplished?
>> 
>> Sure there is NAT, you can use prefix translation to translate your Global Address Range from the redundant ISP to the Cable ISP Global address range when leaving that interface. I've run a similar setup with 3 independent ISPs with IPv6 netblocks.
>> 
>> Whichever connection the traffic went out it got the right GUA mapped onto it. Note that this is 1:1 NAT and not N:1.
>> 
>> In my case there was no primary GUA range, I used a ULA on the LAN side of things, and mapped the corresponding GUA onto it when leaving the network. I had 3 rules, 1 for each WAN and mapped the ULA/56 to the GUA/56.
>> 
>> In your case you already have a primary connection of sorts, so I'd suggest using that on the LAN side and only map the other GUA onto it when it leaves the other interfaces.
>> 
>> The policy routing rules on your firewall can make all the routing decisions for you.
>> 
>> If you search Google for "IPv6 network prefix translation" there will be a firewall listed that can do this somewhere in the middle of the page.
>> 
>> Cheers,
>> 
>> Seth
>> 
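The 1:1 mapping described in the quoted message (one rule per WAN, ULA /56 on the LAN mapped to that upstream's GUA /56), sketched as an added example that is not code from the thread or from any firewall mentioned in it. It is a plain prefix swap; the prefixes, interface names and function names are constructed for illustration. The output also shows the condition the reply at the top warns about: the address the host knows itself by is never the address its peers see.

```python
import ipaddress

# Constructed sample prefixes: a ULA /56 on the LAN and one documentation-range
# /56 per upstream (assumptions, not values from the thread).
LAN_PREFIX = ipaddress.ip_network("fd12:3456:789a:ab00::/56")
WAN_PREFIXES = {
    "wan_redundant": ipaddress.ip_network("2001:db8:aa:1100::/56"),
    "wan_cable": ipaddress.ip_network("2001:db8:bb:2200::/56"),
}


def swap_prefix(addr, src_net, dst_net):
    """Replace the src_net prefix bits of addr with dst_net, keeping the rest."""
    addr = ipaddress.ip_address(addr)
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 translation needs equal prefix lengths")
    if addr not in src_net:
        raise ValueError(f"{addr} is not inside {src_net}")
    # Subnet and interface-identifier bits pass through untouched.
    host_bits = int(addr) & int(src_net.hostmask)
    return ipaddress.IPv6Address(int(dst_net.network_address) | host_bits)


def translate_outbound(src, wan):
    """Source rewrite applied when a packet leaves through the given WAN."""
    return swap_prefix(src, LAN_PREFIX, WAN_PREFIXES[wan])


def translate_inbound(dst, wan):
    """Destination rewrite applied to return traffic arriving on that WAN."""
    return swap_prefix(dst, WAN_PREFIXES[wan], LAN_PREFIX)


if __name__ == "__main__":
    host = "fd12:3456:789a:ab07::25"  # constructed LAN host in subnet 07
    for wan in WAN_PREFIXES:
        outside = translate_outbound(host, wan)
        back = translate_inbound(outside, wan)
        print(f"{wan}: {host} -> {outside} -> {back}")
```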




