WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-users

RE: [Xen-users] IPV4 is nearly depleted, are you ready for IPV6?

Jonathan Tripathy wrote:

> As for the NAT issue, indeed I really do love NAT. I find it a huge culture shock and unsettling that in an IPv6 world, all internal machines will have public routable IP addresses. Does this mean that the traditional "Edge Firewalls/NAT routers" would become filtering bridges? As surely the world couldn't depend solely on host-based firewalls... (could we?!)
Err, traditionally all hosts once had public routable addresses. NAT 
is a new-fangled abomination that really does cause lots of problems 
for lots of traffic - I'm involved with VoIP at work, anyone who's 
dealt with that and NAT will know what I mean.
In practice I think your edge (NAT) router/firewall will become an 
edge router/firewall with your own IPv6 subnet on the inside of it.
> I guess if each "internal" network in the world had its own IPv6 subnet, then we could just use a standard firewall-router (in no-NAT mode). However it just seems like extra trouble to go and obtain an IPv6 block from the responsible body. For example, I spin up many test internal networks on a daily basis just to play around with them - I don't really want to "register" these networks.
You can use link-local addresses for such testing, and I believe 
there is also a "private" range set aside for use within an 
organisation - ie it's routable, but only between sites internal to 
an organisation.
As for public addresses, AIUI, unless you are really big then you 
will never get your own subnet allocation - this being one of the 
problems with IPv4.


If any of the below is wrong, then I'd be more than happy to be corrected !


Apart from address exhaustion, one of the problems with IPv4 is the size of the global routing table which needs to track the location (in network terms) of every allocated and active block. So if you go to <your local registry> and get an address block allocated to yourself, then you or your ISP will need to advertise that block via BGP4 and the route will propagate around the world. I don't think it takes too much imagination to realise the number of such allocations.
If you just use a sub-allocation from your ISP's larger block then 
that isn't an issue - the ISP will only advertise a larger 
amalgamated route for the entire block. BUT you then are tied to that 
ISP.
AIUI, in IPv6 you have to be really, really big to get a direct 
allocation. Everyone else gets a delegated chunk from their upstream 
provider and in principle, all traffic routes upwards to a small set 
of supernodes. Thus the global routing table stays small. I guess 
ISPs will get together at exchanges and privately exchange routes, 
but this won't add to the global route table.
At each level, bodies will get a chunk delegated from above, and if 
you take a connection from two ISPs for redundancy/aggregation then 
you will get two different delegated blocks. You cannot go and get 
your own block and have it routed via the two ISPs.
In practical terms, all hosts will expect to be multihomed, and all 
this (including changes of address when you change ISP) will be 
hidden in the DNS.
From what little I know of DNS with IPv6 this isn't as bad as it 
might seem. AIUI, AAAA records are hierarchical unlike IPv4 A records 
which simply specify "an address". An AAAA record specifies addresses 
relative to a prefix - so in theory you could change everything by 
just changing the single record that specifies the prefix.
I think DNS will become FAR more important with IPv6 - for the simple 
reason that few people are going to be able to remember real IPv6 
addresses ! I think this is a good thing, one of the things that irks 
me are sites I have to work at where the DNS is broken and no-one 
cares (or probably even realises) since it's so easy to just use 
192.168.1.xxx.
In the case of someone changing ISP - their prefix will change, and 
so they'll have to update that element in their DNS. But once they've 
done that, they will still be able to access stuff by the same DNS 
name (eg main-server.ho.somecompanyname.com). As long as us Techies 
have got it all right, the end users should neither see any 
difference nor have any need to care.

That's what I know of the theory, now all I need to learn is how to put it into practice.

Oh yes, and one upside I can see is that HTTPS will be easier to use. At present, you either need an (expensive) multi-host certificate or a separate address for each host. Given the shortage of addresses, few providers will give you your own address on a shared server without an extra charge - but that shouldn't be an issue when we all have so many addresses.
--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
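As an added illustration of two points raised in the thread above (it is not code from the original post or from the Xen project): checking which address scope a lab or production host is actually using (link-local, unique local, global), and rehearsing the "change the prefix, keep the host part" renumbering that a change of ISP implies, so the list of AAAA records that would need updating can be computed before the move. It uses only Python's standard `ipaddress` module; the address ranges are the well-known ones from RFC 4291 (fe80::/10), RFC 4193 (fc00::/7) and RFC 3849 (2001:db8::/32, documentation only), and all hostnames, prefixes and record lists are constructed for the example.

```python
"""Classify IPv6 address scope and rehearse a prefix change (added example)."""
import ipaddress

# Well-known ranges: link-local (RFC 4291), unique local (RFC 4193),
# documentation prefix (RFC 3849, must never be routed on the wire).
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")
UNIQUE_LOCAL = ipaddress.IPv6Network("fc00::/7")
DOCUMENTATION = ipaddress.IPv6Network("2001:db8::/32")


def classify(addr: str) -> str:
    """Return the scope of an IPv6 address as a short label."""
    ip = ipaddress.IPv6Address(addr)
    if ip in LINK_LOCAL:
        return "link-local"      # valid on one link only, never routed
    if ip in UNIQUE_LOCAL:
        return "unique-local"    # routable inside the organisation only
    if ip in DOCUMENTATION:
        return "documentation"   # reserved for examples, never routed
    if ip.is_global:
        return "global"          # publicly routable: relies on edge filtering
    return "other"               # loopback, mapped, etc.


def globally_reachable(addrs):
    """Return the addresses in a (lab) network that are globally routable.

    Useful as a check that a throw-away test network is on link-local or
    unique-local space rather than accidentally on public addresses.
    """
    return [a for a in addrs if classify(a) == "global"]


def renumber(addr: str, old_prefix: str, new_prefix: str) -> str:
    """Move a host from old_prefix to new_prefix, keeping its host bits.

    Only the routing prefix changes; the interface identifier is preserved,
    which is what makes a prefix change mostly a DNS-update exercise.
    """
    ip = ipaddress.IPv6Address(addr)
    old = ipaddress.IPv6Network(old_prefix)
    new = ipaddress.IPv6Network(new_prefix)
    if old.prefixlen != new.prefixlen:
        raise ValueError("old and new prefixes must have the same length")
    if ip not in old:
        raise ValueError(f"{addr} is not inside {old_prefix}")
    host_bits = int(ip) & int(old.hostmask)
    return str(ipaddress.IPv6Address(int(new.network_address) | host_bits))


def stale_records(records, old_prefix, new_prefix):
    """Return (name, old_addr, new_addr) for AAAA records affected by a move.

    `records` is an iterable of (hostname, address) pairs, e.g. exported
    from a zone file. Records outside old_prefix are left alone.
    """
    old = ipaddress.IPv6Network(old_prefix)
    return [
        (name, addr, renumber(addr, old_prefix, new_prefix))
        for name, addr in records
        if ipaddress.IPv6Address(addr) in old
    ]


if __name__ == "__main__":
    # Constructed sample zone data; 2001:db8::/32 is the documentation range.
    zone = [
        ("main-server.ho.example.com", "2001:db8:1:2::10"),
        ("mail.ho.example.com", "2001:db8:1:2::25"),
        ("build-box.ho.example.com", "fd12:3456:789a:1::5"),  # ULA, unaffected
    ]
    for name, addr in zone:
        print(f"{name:30} {addr:24} {classify(addr)}")
    for name, old, new in stale_records(zone, "2001:db8:1::/48", "2001:db8:ffff::/48"):
        print(f"update AAAA {name}: {old} -> {new}")
```

The lab check (`globally_reachable`) is the defensive counterpart of the "I spin up test networks daily" remark: a disposable network on link-local or unique-local space is not reachable from outside regardless of what the edge firewall does, whereas a lab that accidentally lands on global space depends entirely on that firewall.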

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users