nanog mailing list archives

Re: IPv6 allocation plan, security, and 6-to-4 conversion


From: Baldur Norddahl <baldur.norddahl () gmail com>
Date: Fri, 30 Jan 2015 20:46:57 +0100

Single stacking on IPv6 is nice in theory. In practice it just doesn't work
yet. If you as an ISP tried to force all your customers to be IPv6 single
stack, you would go bust.

Therefore the only option is dual stack. The IPv4 can be private address
space with carrier NAT - but you will need to give the users an IPv4 on
their internal network. Otherwise there is simply too much that breaks. But
you also want to give them IPv6, so they can escape your carrier NAT.

Since carrier NAT sucks, we are buying extra IPv4 addresses instead. We
still need to dual stack - our customers want both IPv4 and IPv6.

Currently it might even be cheaper to buy extra addresses compared to
implement carrier NAT. The equipment to do high speed NAT is not free and
neither is the extra support and operating complications.

Regards,

Baldur


On 30 January 2015 at 19:46, Tore Anderson <tore () fud no> wrote:

* Mel Beckman

   Um, haven't you heard that we are out of IPv4 addresses? The point
of IPv6 is to expand address space so that the Internet can keep
growing. Maybe you don't want to grow with it, but most people do.
Eventually IPv4 will be dropped and the Internet will be IPv6-only.
Dual-stack is just a convenient transition mechanism.

Mel,

Dual-stack was positioned to be a convenient transition mechanism 15
years ago (to take the year when RFC 2893 was published). However, that
train left the platform mostly empty years ago, when the first RIRs
started to run out of IPv4 addresses. After all, we were supposed to
have dual-stack everywhere *before* we ran out of IPv4. That didn't
happen.

The key point is: In order to run dual-stack, you need as many IPv4
addresses as you do to run IPv4-only. Or to put it another way: If you
don't have enough IPv4 addresses to run IPv4-only, then you don't have
enough IPv4 addresses to run dual-stack either.

Sure, you can squeeze some more life-time out of IPv4 by adding more
NAT (something which is completely orthogonal to deploying IPv6
simultaneously). However, if you're already out of IPv4, and you
already see no way forward except adding NAT, then you should seriously
consider doing the NAT (or whatever backwards compat mechanism
you prefer) between the residual IPv4 internet and your IPv6
infrastructure, instead of doing it between IPv4 and IPv4.

Running single-stack is simply much easier and less complex than
dual-stack, and once your infrastructure is based on an IPv6-only
foundation, you don't have to bother with any IPv4->IPv6 transition
project ever again.

Tore



Current thread: