IETF Logo Mail Archive

Re: [v6ops] Follow-up Discussion - draft-ietf-v6ops-design-choices - NAT

Philip Matthews <philip_matthews@magma.ca> Wed, 21 October 2015 11:52 UTC

Return-Path: <philip_matthews@magma.ca>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 833A51A92BC for <v6ops@ietfa.amsl.com>; Wed, 21 Oct 2015 04:52:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wkB2RckeCbxg for <v6ops@ietfa.amsl.com>; Wed, 21 Oct 2015 04:52:01 -0700 (PDT)
Received: from tor-smtp-05.primus.ca (smtp-auth2-151.primus.ca [216.254.140.151]) by ietfa.amsl.com (Postfix) with ESMTP id A1EB01A9250 for <v6ops@ietf.org>; Wed, 21 Oct 2015 04:52:01 -0700 (PDT)
Received: from bas5-ottawa10-3096710379.dsl.bell.ca ([184.148.12.235] helo=[10.0.1.16]) by tor-smtp-05.primus.ca with esmtpa (Exim 4.84) (envelope-from <philip_matthews@magma.ca>) id 1Zorw0-0003bd-8a; Wed, 21 Oct 2015 07:52:00 -0400
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset="us-ascii"
From: Philip Matthews <philip_matthews@magma.ca>
In-Reply-To: <5626FD84.1050101@bogus.com>
Date: Wed, 21 Oct 2015 07:51:58 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <8A1B7AC2-AC0A-4553-946C-ED743450DD81@magma.ca>
References: <56250655.2040701@jvknet.com> <56254C98.2010501@gmail.com> <75421D8D-362D-4D47-AB56-B8CB7639CC51@magma.ca> <5626FD84.1050101@bogus.com>
To: joel jaeggli <joelja@bogus.com>
X-Mailer: Apple Mail (2.1085)
X-Authenticated: philip_matthews - bas5-ottawa10-3096710379.dsl.bell.ca ([10.0.1.16]) [184.148.12.235]
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/GekUlBFR_zh_11uVqlWdtuqVi6s>
Cc: v6ops@ietf.org
Subject: Re: [v6ops] Follow-up Discussion - draft-ietf-v6ops-design-choices - NAT
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2015 11:52:03 -0000

I agree that a business with 1 - 5 employees is likely to go the homenet route.

I was thinking of the somewhat larger business of say 70 - 200 employees, perhaps 2 or 4 locations, and with internal infrastructure. They have a small IT department (perhaps just 1 person), firewalls, perhaps VoIP, perhaps an extranet relationships with suppliers or partners, etc.

I am not an expert in the Enterprise area, so someone else may correct me, but I believe that such companies have not traditionally gotten PI space. Today, they would instead get PA space, use private addresses internally, and use NAT to avoid the renumbering issue when changing providers or to multi-home.

If such a company came to me today and asked "How do I deploy IPv6", then I would be reluctant to say "Get PA space from your provider and use it internally".  I feel this would be doing them a dis-service. 

It seems to me that the ideas that Brian mentions might become options in the future, but they are still in development and are not something that one could recommend to a company today. 

So right now, i see two options that I could realistically recommend to them:
1) Push them to get PI space.  (Would they qualify?  Perhaps someone more familiar with RIR policies can comment.)
2) Use ULA space internally and deploy NPT66.

Is there a viable 3rd option that a company could deploy today?

- Philip


On 2015-10-20, at 22:50 , joel jaeggli wrote:

> On 10/19/15 2:02 PM, Philip Matthews wrote:
>> Brian:
>> 
>> What solution would you recommend today to a small-to-medium-sized
>> enterprise that cannot get PI space and wants the flexibility to
>> easily change providers and possibly multi-home?
> 
> PI space usage is actually about attachment costs, not about the ability
> or inability to obtain it. it's obtainable but not usable if you favor
> low attachment cost.
> 
> Enterprises that favor low attachment costs like my home business favor
> provider managed address ranges, low friction interaction with cloud
> providers, soas for basically applications  and so on);are not going to
> place a great deal of value on source ip addresses, because among other
> things they aren't very stable; I'm sending this email from a train, my
> pan currently has addressing from t-mobile, when I get home that will
> change to comcast, the devices at home, which  can reach from here are
> still on comcast.  for newly initiated connections source address
> selection will tend to favor the network that currently works or if more
> than one exists favor the lower cost/faster  one however you choose to
> weight that .
> 
>> If the enterprise numbers their network internally with PA space,
>> then they need to renumber to change providers. Though this is
>> definitely easier in IPv6 than IPv4, it is still not "easy".  And
>> what about multi-homing?
> 
> if you want a genuinly low attachment cost network al la homenet then
> renumbering for the purposes of useful source selection needs to be
> readily feasible, and fairly transparent. For destination based
> multihoming DNS based GTM, health-checking, low ttls  and other features
> commonly provided as applications are really the rule of the day today
> and that doesn't seem likely to change.
> 
>> - Philip
>> 
>> 
>> On 2015-10-19, at 16:03 , Brian E Carpenter wrote:
>> 
>>>> If ULAs are the only non-Link-Local address available the hosts,
>>>> the enterprise will need to use translation technologies such as
>>>> NPT[RFC6296] or NAT66 to reach the Internet.
>>> 
>>> I think this is still the wrong message. Here's my suggestion:
>>> 
>>> The best approach is to use ULAs for internal communications and 
>>> normal IPv6 addresses for external communications. Running
>>> multiple addresses in this way is a standard feature of IPv6. If
>>> for some reason an enterprise decides to use ULAs as the only
>>> non-Link-Local address available to its hosts, the enterprise will
>>> also need to use the experimental address prefix technology
>>> translation known as NPTv6 [RFC6296] to reach the Internet. Full
>>> address translation (known as NAT66) is never needed for IPv6 since
>>> there is no address shortage.
>>> 
>>> Regards Brian Carpenter
>>> 
>>> _______________________________________________ v6ops mailing list 
>>> v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops
>>> 
>> 
>> _______________________________________________ v6ops mailing list 
>> v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops
>> 
> 
>

v2.23.0 | Report a Bug | By Email