And right now I have only two solutions: NAT or PIR. And the second one is expensive and complex.
Forget IPv6 NAT; use LISP instead
Posted Jul 24, 2011 20:58 UTC (Sun) by baldur (guest, #77305)
Or if you are using Cisco go here: http://lisp4.cisco.com/index.html
The Linux implementation (which seems less mature): https://github.com/aless/
The available NAT66 solutions do not seem to be any more mature than LISP. Since LISP is so far superior I cannot imagine the world taking on NAT66 at a greater scale. I would therefore expect little or no application support for NAT66 and a world of hurt for those that follow that ill path. There for sure are zero applications today that handle NAT on IPv6 (using STUN to figure out the real IP address and all that jazz).
Posted Jul 25, 2011 8:35 UTC (Mon) by Cyberax (✭ supporter ✭, #52523)
I have IPv6 address assignment from my ISP. I want to use LISP. What should I do?
Posted Jul 25, 2011 9:39 UTC (Mon) by baldur (guest, #77305)
Otherwise you can ignore the network and install your own PxTR(s) on colocated servers.
Posted Jul 25, 2011 13:10 UTC (Mon) by Cyberax (✭ supporter ✭, #52523)
Well, I can do this with IPSec tunnels or PPTP/GRE. And more easily, in fact.
Posted Jul 25, 2011 19:34 UTC (Mon) by baldur (guest, #77305)
But you are right - a tunnel is yet another way to solve the multihome issue. So now we got:
1) IPv6 with multiple prefixes
2) IPv6 with multiple prefixes and ULA
3) LISP: http://www.lisp4.net/
4) BGP multihome
5) NEMO and MIPv6: http://software.nautilus6.org/implementations.php
6) Custom tunnel
7) NAT66 (pre alpha version published on 15 Jul 2011: http://sourceforge.net/projects/nfnat66/).
We are currently doing 1) on a significantly larger network than the one you administer and it "just works". But I definitely think the future is 3). It might currently take some involvement to set up but that will change quickly.
The use cases and complaints that you have put forward are all solved by LISP and in a much better way than NAT66.
Posted Jul 26, 2011 16:26 UTC (Tue) by Cyberax (✭ supporter ✭, #52523)
MIPv6 and NEMO are effectively dead. They require cooperation of both parties to avoid triangular routing, and that's not going to happen because Windows has dropped MIPv6 support and has never had NEMO support.
I honestly think that NAT66 will be used quite widely. And it's actually not that bad, because it's possible to use it just in prefix-translation mode with 1-to-1 mapping.
Posted Jul 26, 2011 16:53 UTC (Tue) by baldur (guest, #77305)
Say you have ISP A and ISP B as uplinks. In addition pay for, rent or colocate a server at both ISPs where you install the LISP proxy software. Granted, this is an extra expense, but you got:
1) The ISPs are taking care of BGP.
2) Automatic load balancing both up and downstream.
3) Automatic failover.
4) If you got PI address space you can easily switch ISPs.
5) If one server goes down you are still good although this depends on the ISP stopping advertising your PI space.
LISP currently has an enormous amount of steam so I feel quite confident that the beta network will eventually convert to production state. At that point it will be just as easy to set up as NAT66 but without any of the drawbacks. All you would need is to log in to the web interface of your standard router and check the LISP option. Then tell it four pieces of information: Your allocated EID, the address of the map service, your username and password.
Of course NAT66 will happen but I don't see multihoming or renumbering-protection as good use cases. These will be better handled by LISP. I don't see most applications getting good NAT66 handling the same way they have NAT44 handling today.
We are probably not going to get any more learnings or consensus out of this thread. I just wanted to point out there are in fact more options than BGP and NAT66.
Posted Jul 26, 2011 17:53 UTC (Tue) by Cyberax (✭ supporter ✭, #52523)
We've actually considered a similar variant (colocate a server and use it to terminate GRE tunnels).
So while there may be other ways (I'll concede that multiple IPv6 addresses might work for somebody), your choice is still very much between spending $$$$ and having an in many ways inferior solution.
As for LISP, it merits its own article on LWN. And right now it's FAR from being really complete (which is OK, people are still working on it).
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.