Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com) [LWN.net]

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 22, 2010 20:32 UTC (Fri) by lutchann (subscriber, #8872)
In reply to: Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com) by dlang
Parent article: Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Again, it's all about having enough addresses. For ISPs to continue providing native IPv4 service to customers (where "native" might mean 1918 addresses and provider-side NAT44) they'll need to maintain an IPv4 infrastructure, which, again, they don't have enough addresses for without using overlapping 1918 blocks and internal NAT. If customers are IPv6-only, the ISP's infrastructure can be IPv6-only.

As you point out, some customers may occasionally require access to IPv4-only services on the legacy Internet, at least for the first year or so.</sarcasm> There are three ways this could be handled. First, the ISP could provide native dual-stack service to customers using 1918 addresses and NAT44 for IPv4, but obviously, if they were able to do this, they wouldn't bother rolling out IPv6 in the first place.

The second option would be NAT64, which I agree is new and experimental, although T-Mobile has tested it extensively and says it works surprisingly well. The main problem is that all devices at the customer site must be able to operate IPv6-only, so Aunt Tilly with her Windows 98 laptop isn't going to be happy. In addition, many applications (especially games) don't have IPv6 support even when running on an IPv6-capable OS. So NAT64 isn't really viable for most residential customers.

The most promising option is DS-Lite, which provides NAT'd IPv4 service via an IPv4-in-IPv6 tunnel. One endpoint of the tunnel is the home router or cable modem and the other endpoint is a NAT44 in the provider's network. This allows the provider's core network to be IPv6 only, but customer devices will have both IPv4 and IPv6 service. NAT sessions in the CGN are indexed by both the source IPv4 address and the IPv6 tunnel endpoint, so if two customer sites use the same IPv4 address range, there's no problem.

DS-Lite neatly solves a lot of problems: legacy IPv4 devices and applications at the customer site will still work, providers only need to run one protocol on their core network, global IPv4 addresses can be utilized efficiently, and there is only one NAT in the path because there is no longer a need to NAT at the customer site. DS-Lite relies on two well-tested technologies, IP-in-IP tunnelling and NAT44.

A number of ISPs have indicated they'll probably be deploying DS-Lite, including Comcast.

to post comments

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 22, 2010 21:00 UTC (Fri) by dlang (guest, #313) [Link] (1 responses)

is there something similar to NAT64 that could be run on the home routers that would let people run IPv4 internally, NAT to IPv6 on the router, and then NAT64 back to IPv4 later?

I cringe at even typing this, but it may be better than having to tunnel everything to specific endpoints. If enough ISPs were to go this route, they could start peering to each other with IPv6 and the traffic would just get converted to IPv4 as it goes to the servers.

I don't think that the DS-Lite approach will have the results you are expecting, because customers will still be running NAT on their devices.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 23, 2010 14:51 UTC (Sat) by lutchann (subscriber, #8872) [Link]

> is there something similar to NAT64 that could be run on the home routers that would let people run IPv4 internally, NAT to IPv6 on the router, and then NAT64 back to IPv4 later?

That's called NAT464 and it's been discussed off and on as a possible transition tool, but I haven't seen a lot of support for it as DS-Lite is generally agreed to be the most robust approach. You'll probably see NAT464 in mobile phone networks to avoid the tunnelling overhead of DS-Lite.

> I cringe at even typing this, but it may be better than having to tunnel everything to specific endpoints. If enough ISPs were to go this route, they could start peering to each other with IPv6 and the traffic would just get converted to IPv4 as it goes to the servers.

Not sure I follow...if an IPv6-enabled host on one network wants to communicate with an IPv6-enabled host on another network, there will be no translators in the path. It will all be native IPv6. DS-Lite only tunnels and translates traffic headed for an IPv4-only destination.

> I don't think that the DS-Lite approach will have the results you are expecting, because customers will still be running NAT on their devices.

Regardless of the transition mechanism used, we have to expect that some people will just connect their old IPv4 NAT box to their shiny new v4/v6 box running DS-Lite or NAT464 or whatever. With DS-Lite, you'd then have double-NAT, and with NAT464, you'd then have triple NAT. It should generally work, it's just silly and adds one more point of failure.