RE: [Xen-users] IPV4 is nearly depleted, are you ready for IPV6?
Jonathan Tripathy wrote:
> As for the NAT issue, indeed I really do love NAT. I find it a huge
> culture shock and unsettling that in an IPv6 world, all internal
> machines will have public routable IP addresses. Does this mean that
> the traditional "Edge Firewalls/NAT routers" would become filtering
> bridges? As surely the world couldn't depend solely on host-based
> firewalls... (could we?!)

Err, traditionally all hosts once had public routable addresses. NAT
is a newfangled abomination that really does cause lots of problems
for lots of traffic - I'm involved with VoIP at work, anyone who's
dealt with that and NAT will know what I mean.

In practice I think your edge (NAT) router/firewall will become an
edge router/firewall with your own IPv6 subnet on the inside of it.

> I guess if each "internal" network in the world had its own IPv6
> subnet, then we could just use a standard firewall-router (in no-NAT
> mode). However it just seems like extra trouble to go and obtain an
> IPv6 block from the responsible body. For example, I spin up many
> test internal networks on a daily basis just to play around with
> them - I don't really want to "register" these networks.

You can use link-local addresses for such testing, and I believe
there is also a "private" range set aside for use within an
organisation - ie it's routable, but only between sites internal to

As for public addresses, AIUI, unless you are really big then you
will never get your own subnet allocation - this being one of the
problems with IPv4.

If any of the below is wrong, then I'd be more than happy to be corrected!

Apart from address exhaustion, one of the problems with IPv4 is the
size of the global routing table which needs to track the location
(in network terms) of every allocated and active block. So if you go
to <your local registry> and get an address block allocated to
yourself, then you or your ISP will need to advertise that block via
BGP4 and the route will propagate around the world. I don't think it
takes too much imagination to realise the number of such allocations.

If you just use a sub-allocation from your ISP's larger block then
that isn't an issue - the ISP will only advertise a larger
amalgamated route for the entire block. BUT you then are tied to that

AIUI, in IPv6 you have to be really, really big to get a direct
allocation. Everyone else gets a delegated chunk from their upstream
provider and in principle, all traffic routes upwards to a small set
of supernodes. Thus the global routing table stays small. I guess
ISPs will get together at exchanges and privately exchange routes,
but this won't add to the global route table.

At each level, bodies will get a chunk delegated from above, and if
you take a connection from two ISPs for redundancy/aggregation then
you will get two different delegated blocks. You cannot go and get
your own block and have it routed via the two ISPs.

In practical terms, all hosts will expect to be multihomed, and all
this (including changes of address when you change ISP) will be
hidden in the DNS.

From what little I know of DNS with IPv6 this isn't as bad as it
might seem. AIUI, AAAA records are hierarchical unlike IPv4 A records
which simply specify "an address". An AAAA record specifies addresses
relative to a prefix - so in theory you could change everything by
just changing the single record that specifies the prefix.

I think DNS will become FAR more important with IPv6 - for the simple
reason that few people are going to be able to remember real IPv6
addresses! I think this is a good thing, one of the things that irks
me are sites I have to work at where the DNS is broken and no-one
cares (or probably even realises) since it's so easy to just use

In the case of someone changing ISP - their prefix will change, and
so they'll have to update that element in their DNS. But once they've
done that, they will still be able to access stuff by the same DNS
name (eg main-server.ho.somecompanyname.com). As long as us Techies
have got it all right, the end users should neither see any
difference nor have any need to care.

That's what I know of the theory, now all I need to learn is how to
put it into practice.

Oh yes, and one upside I can see is that HTTPS will be easier to use.
At present, you either need an (expensive) multi-host certificate or
a separate address for each host. Given the shortage of addresses,
few providers will give you your own address on a shared server
without an extra charge - but that shouldn't be an issue when we all
have so many addresses.
Xen-users mailing list
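
The addressing points raised in the message above (link-local or "private" addresses for throwaway test networks, and hosts keeping their place when the ISP prefix changes) as an added Python example; it is not part of the original post. It assumes the "private" range is the RFC 4193 unique local block, and the function names and the 2001:db8:: documentation prefixes are constructed for illustration.

```python
import ipaddress
import itertools
import secrets

# Disjoint IPv6 ranges: link-local, RFC 4193 unique local, global unicast.
SCOPES = {"link-local": "fe80::/10", "unique-local": "fc00::/7", "global": "2000::/3"}


def new_ula_prefix(global_id=None):
    """Return a self-assigned RFC 4193 /48: fd00::/8 plus a 40-bit global ID."""
    if global_id is None:
        global_id = secrets.randbits(40)  # random ID, so no registry is involved
    if not 0 <= global_id < 2**40:
        raise ValueError("global ID must fit in 40 bits")
    return ipaddress.IPv6Network(((0xFD << 120) | (global_id << 80), 48))


def lab_subnets(prefix, count):
    """First `count` /64 networks inside a /48, one per throwaway test LAN."""
    return list(itertools.islice(prefix.subnets(new_prefix=64), count))


def scope(addr):
    """Say how far an address routes, i.e. what the edge firewall must cover."""
    ip = ipaddress.IPv6Address(addr)
    for name, cidr in SCOPES.items():
        if ip in ipaddress.IPv6Network(cidr):
            return name
    return "other"


def renumber(addr, old_prefix, new_prefix):
    """Rehome addr under a new delegated prefix, keeping subnet and host bits."""
    ip = ipaddress.IPv6Address(addr)
    old = ipaddress.IPv6Network(old_prefix)
    new = ipaddress.IPv6Network(new_prefix)
    if old.prefixlen != new.prefixlen:
        raise ValueError("old and new prefixes must be the same length")
    if ip not in old:
        raise ValueError(f"{ip} is not inside {old}")
    suffix = int(ip) & int(old.hostmask)  # everything below the ISP's prefix
    return ipaddress.IPv6Address(int(new.network_address) | suffix)


if __name__ == "__main__":
    # Constructed documentation prefixes stand in for the old and new ISP.
    print([str(n) for n in lab_subnets(new_ula_prefix(), 2)])
    print(renumber("2001:db8:aaaa:10::25", "2001:db8:aaaa::/48", "2001:db8:bbbb::/48"))
```

Only addresses that `scope` reports as "global" are reachable from outside the site, so those are the ones the edge router/firewall has to filter once NAT is gone.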