Throw me a IPv6 bone (sort of was IPv6 ignorance)

Tore Anderson tore.anderson at
Sat Sep 22 15:57:45 UTC 2012

* Mark Radabaugh

> Thanks for the help.  We are actually in decent shape with respect to
> IPv4, probably at least 1 if not 2 years at current growth rate. We can
> deliver dual stack with public IPv4/6 to customers now.  This is the
> planning stage for <<giant NAT box>>, assuming there are no better options.
> We are starting to provide some customers with managed CPE and your
> alternative suggestion may be the way to go.  There are several other
> business/management/support advantages to Amplex supplying the CPE.  
> This may be reason enough to expand that program.
> I didn't really think we would be able to run IPv6 only in the near
> future but wanted to make sure I wasn't missing something obvious.

Okay. In this case I would pay very close attention to MAP/4RD. Here are
some drafts to get you started:

There are different flavours, but as I understand it, the basic idea is
the same... You won't find shipping products today, but there will
probably be by the time you need it. Like DS-Lite, it assumes an
IPv6-only access network, with the CPE communicating with a centralised
component over IPv6 to provision IPv4 service for the subscriber's LAN.

Unlike DS-Lite, however, the central component does not perform NAT or
any other stateful translations - what it essentially does is to steal
bits from the TCP/UDP port space for routing, so (oversimplified)
subscriber A gets ports 2000-2999, B gets 3000-3999, and so forth. The
subscriber will be able to receive internet-initiated traffic to his
assigned port range. The NAT44 function in the CPE works pretty much
like today, except that it must ensure the source ports are rewritten to
fall inside its assigned range. You can also provision an «entire IPv4»
to a single CPE also, for example as a premium service.

The central component is operating in stateless mode, so it'll be easier
to scale than any centralised NAT, and you can also anycast it, load
balance between several instances using ECMP, and so on.

In my opinion, it looks like a much better approach than DS-Lite, both
for the subscriber and the service provider - as long as you can wait
for it a little while.

Best regards,
Tore Anderson
Redpill Linpro AS -

More information about the NANOG mailing list