
Forget IPv6 NAT; use LISP instead

Posted Jul 24, 2011 20:58 UTC (Sun) by baldur (guest, #77305)
In reply to: IPv6 NAT by Cyberax
Parent article: IPv6 NAT

If you need something now go download yourself a copy here:

Or if you are using Cisco go here:

The Linux implementation (which seems less mature):

The available NAT66 solutions do not seem to be any more mature than LISP. Since LISP is so far superior I cannot imagine the world taking on NAT66 at a greater scale. I would therefore expect little or no application support for NAT66 and a world of hurt for those that follow that ill path. There for sure are zero applications today that handle NAT on IPv6 (using STUN to figure out the real IP address and all that jazz).

Forget IPv6 NAT; use LISP instead

Posted Jul 25, 2011 8:35 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]


I have an IPv6 address assignment from my ISP. I want to use LISP. What should I do?


Forget IPv6 NAT; use LISP instead

Posted Jul 25, 2011 9:39 UTC (Mon) by baldur (guest, #77305) [Link]

Install one of the 6 different implementations. Decide if you want to be part of the beta network or just set up your own proxies. If you want the beta network, follow the guidelines here:

Otherwise you can ignore the network and install your own PxTR(s) on collocated servers.

Forget IPv6 NAT; use LISP instead

Posted Jul 25, 2011 13:10 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]

So, right now LISP is useless as-is. And the only way to use it is to have a proxy somewhere with a stable IP address.

Well, I can do this with IPSec tunnels or PPTP/GRE. And more easily, in fact.

Forget IPv6 NAT; use LISP instead

Posted Jul 25, 2011 19:34 UTC (Mon) by baldur (guest, #77305) [Link]

LISP is very useful and was used by some very large sites (Facebook) during IPv6 day. If they can so can you.

But you are right - a tunnel is yet another way to solve the multihome issue. So now we got:

1) IPv6 with multiple prefixes
2) IPv6 with multiple prefixes and ULA
3) LISP:
4) BGP multihome
5) NEMO and MIPv6:
6) Custom tunnel
7) NAT66 (pre alpha version published on 15 Jul 2011:

We are currently doing 1) on a significantly larger network than the one you administer and it "just works". But I definitely think the future is 3). It might currently take some involvement to set up but that will change quickly.

The use cases and complaints that you have put forward are all solved by LISP and in a much better way than NAT66.

Forget IPv6 NAT; use LISP instead

Posted Jul 26, 2011 16:26 UTC (Tue) by Cyberax (✭ supporter ✭, #52523) [Link]

LISP has the same problem as IPv6 - to be useful it needs to be widely deployed. And it doesn't look like it'll happen soon.

MIPv6 and NEMO are effectively dead. They require cooperation of both parties to avoid triangular routing, and that's not going to happen because Windows has dropped MIPv6 support and has never had NEMO support.

I honestly think that NAT66 will be used quite widely. And it's actually not that bad, because it's possible to use it just in prefix-translation mode with 1-to-1 mapping.
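The 1-to-1 prefix-translation mode mentioned in the comment above, sketched as an added example that is not part of the original thread: it assumes the checksum-neutral /48 mapping specified for NPTv6 in RFC 6296, and the two prefixes are constructed sample values (a ULA /48 and a documentation-range /48). The mapping is stateless and reversible and leaves the interface identifier untouched, so it performs no filtering and hides nothing about the host part of an address.

```python
import ipaddress

MASK64 = (1 << 64) - 1

def ones_add(a, b):
    """16-bit ones' complement addition (end-around carry)."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)

def word_sum(value, nwords):
    """Ones' complement sum of the top `nwords` 16-bit words of a 128-bit int."""
    total = 0
    for i in range(nwords):
        total = ones_add(total, (value >> (112 - 16 * i)) & 0xFFFF)
    return total

def translate(addr, src, dst):
    """Map addr from the /48 `src` into the /48 `dst`, checksum-neutrally."""
    a = ipaddress.IPv6Address(addr)
    if src.prefixlen != 48 or dst.prefixlen != 48:
        raise ValueError("this sketch handles /48 prefixes only")
    if a not in src:
        raise ValueError(f"{a} is not inside {src}")
    subnet = (int(a) >> 64) & 0xFFFF
    if subnet == 0xFFFF:
        raise ValueError("subnet 0xFFFF cannot be mapped reversibly")
    # adjustment = sum(src prefix) - sum(dst prefix), in ones' complement
    adjustment = ones_add(word_sum(int(src.network_address), 3),
                          ~word_sum(int(dst.network_address), 3) & 0xFFFF)
    new_subnet = ones_add(subnet, adjustment)
    if new_subnet == 0xFFFF:  # 0xFFFF and 0x0000 both represent zero
        new_subnet = 0x0000
    # Only the prefix and the 16-bit subnet word change; the low 64 bits stay.
    out = int(dst.network_address) | (new_subnet << 64) | (int(a) & MASK64)
    return ipaddress.IPv6Address(out)

def checksum_words(addr):
    """Sum over all eight address words, as a pseudo-header checksum sees it."""
    return word_sum(int(ipaddress.IPv6Address(addr)), 8)

# Constructed sample prefixes (assumptions, not values from the thread).
INSIDE = ipaddress.IPv6Network("fd01:203:405::/48")
OUTSIDE = ipaddress.IPv6Network("2001:db8:1::/48")

if __name__ == "__main__":
    outside = translate("fd01:203:405:1::1234", INSIDE, OUTSIDE)
    print(outside, "->", translate(outside, OUTSIDE, INSIDE))
```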

Forget IPv6 NAT; use LISP instead

Posted Jul 26, 2011 16:53 UTC (Tue) by baldur (guest, #77305) [Link]

You can be the first person in the world to implement LISP and it will be useful. It is not just a tunnel equivalent.

Say you have ISP A and ISP B as uplinks. In addition pay for, rent or collocate a server at both ISPs where you install the LISP proxy software. Granted, this is an extra expense, but you got:

1) The ISPs are taking care of BGP.
2) Automatic load balancing both up and downstream.
3) Automatic failover.
4) If you got PI address space you can easily switch ISPs.
5) If one server goes down you are still good although this depends on the ISP stopping advertising your PI space.

LISP currently has an enormous amount of steam so I feel quite confident that the beta network will eventually convert to production state. At that point it will be just as easy to set up as NAT66 but without any of the drawbacks. All you would need is to log in to the web interface of your standard router and check the LISP option. Then tell it four pieces of information: Your allocated EID, the address of the map service, your username and password.

Of course NAT66 will happen but I don't see multihoming or renumbering-protection as good use cases. These will be better handled by LISP. I don't see most applications getting good NAT66 handling the same way they have NAT44 handling today.

We are probably not going to get any more learnings or consensus out of this thread. I just wanted to point out that there are in fact more options than BGP and NAT66.

Forget IPv6 NAT; use LISP instead

Posted Jul 26, 2011 17:53 UTC (Tue) by Cyberax (✭ supporter ✭, #52523) [Link]

Well, it's much easier just to register in ARIN/RIPE and get a PI assignment. It'll cost about $3000, which is far cheaper than two colocated servers/routers with BGP and LISP support. And I'll get all those benefits without needing to set up LISP.

We've actually considered a similar variant (colocate a server and use it to terminate GRE tunnels).

So while there may be other ways (I'll concede that multiple IPv6 addresses might work for somebody), your choice is still very much between spending $$$$ and having an in many ways inferior solution.

As for LISP, it merits its own article on LWN. And right now it's FAR from being really complete (which is OK, people are still working on it).

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds