[AusNOG] My Predictions for the ISP Industry

Mark Andrews marka at isc.org
Fri Mar 16 19:11:44 EST 2012


In message <4F62D399.2080300 at swin.edu.au>, Mattia Rossi writes:
> On 16/03/2012 16:29, Mark Andrews wrote:
> > In message<4F62C921.9090600 at swin.edu.au>, Mattia Rossi writes:
> >>>
> >>>    >   This means that the
> >>>    >   CPE is creating a 6to4 prefix out of its public facing IPv4 address,
> >>>    >   which is then used to distribute v6 addresses to all his IPv6 devices in
> >>>    >   the house.
> >>>
> >>> More or less.  Or some other prefix.  But yes.
> >>>
> >>
> >> Some other prefix? E.g. fc00::/7 ?
> >
> > You get to play with lots of addresses and prefixes with IPv6.
> >
> > en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST>  mtu 1500
> > 	ether 60:33:4b:01:75:85
> > 	inet6 fe80::6233:4bff:fe01:7585%en1 prefixlen 64 scopeid 0x5
> > 	inet 192.168.191.223 netmask 0xffffff00 broadcast 192.168.191.255
> > 	inet6 fd92:7065:b8e::6233:4bff:fe01:7585 prefixlen 64 autoconf
> > 	inet6 fd92:7065:b8e::5dfc:57b0:350:c254 prefixlen 64 autoconf temporary
> > 	inet6 2001:470:1f00:820:6233:4bff:fe01:7585 prefixlen 64 autoconf
> > 	inet6 2001:470:1f00:820:b12a:d75d:86e6:f3b3 prefixlen 64 autoconf temporary
> >
> > 3 prefixes and 5 addresses.
> > fe80::/64 link local
> > 	fe80::6233:4bff:fe01:7585%en1
> >
> > fd92:7065:b8e::/64 ULA internal communication.
> > 	fd92:7065:b8e::6233:4bff:fe01:7585  mostly servers, long lived
> > 	fd92:7065:b8e::5dfc:57b0:350:c254   clients, short lived
> >
> > 2001:470:1f00:820::/64 HE tunneled prefix, external communication.
> > 	2001:470:1f00:820:6233:4bff:fe01:7585 mostly servers, long lived
> > 	2001:470:1f00:820:b12a:d75d:86e6:f3b3 clients, short lived
> >
> 
> Exactly, that's what I meant: you have either a link local, or a ULA, or 
> in your case a 2001 prefix via the tunnel.
> 
> So a 6to4 enabled CPE provides to the LAN hosts either link local 
> (provides is probably the wrong term here), or a ULA or a 2002 based 
> address. It can't get any 2001 or other global unicast prefix one, 
> unless you manually set that up.

No. 2002::/16 is just a world wide network with the CPE routers
connecting local subnets and 6to4 relay routers, like those operated
by HE, connecting the network to the rest of the IPv6 unicast
network.

The relay routers announce 2002::/16 to the world.  They look at bits
17..48 of the destination address of the IPv6 packet being sent
through them, encapsulate the packet and send it to the matching
IPv4 address.

The CPEs point IPv6 default at a 2002:<relay-router>::.  To not
have to find a relay router an anycast address block was allocated
and 2002:c058:6301:: is the defined address for the relay router.
Relay routers using this address inject 192.88.99.0/24 into
the IPv4 routing table to bring traffic to them.  This may be
local only to the ISP or globally as in the case of HE.

  +----------------------------------------------------+
  | 2000::/3                                           |
  | +------------- 6to4 relay router ----------------+ |
  | | 2002::/16                                      | |
  | | +------- 6to4 encapsulating router (CPE) ----+ | |
  | | | 2002:<IPv4>::/48 which is split into /64's | | |
  | | +--------------------------------------------+ | |
  | |                                                | |
  | | +------- 6to4 encapsulating router (CPE) ----+ | |
  | | | 2002:<IPv4>::/48 which is split into /64's | | |
  | | +--------------------------------------------+ | |
  | |                                                | |
  | | +------- 6to4 encapsulating router (CPE) ----+ | |
  | | | 2002:<IPv4>::/48 which is split into /64's | | |
  | | +--------------------------------------------+ | |
  | |                                                | |
  | | +------- 6to4 encapsulating router (CPE) ----+ | |
  | | | 2002:<IPv4>::/48 which is split into /64's | | |
  | | +--------------------------------------------+ | |
  | +------------------------------------------------+ |
  +----------------------------------------------------+

Individual hosts can also do this.

If a CPE/individual host is behind a firewall which blocks protocol
41 or tries to match the arriving encapsulated packets' IPv4 source
address with the IPv4 destination addresses of sent packets, things
break down.  There are some other failure modes but those are the
primary ones.

> Given that ULAs and link locals can't leave the LAN, the hosts need to 
> use the 2002 addresses as source to get out (actually for packets to get 
> back), or the CPE will have to do some weirdness with the other types of 
> addresses (e.g. NAT).
> 
> Mat
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
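
The 6to4 address arithmetic described in this message, as an added example that is not part of the original post: it derives the 2002:<IPv4>::/48 prefix, picks a /64 inside it, recovers the IPv4 address from bits 17..48, and sorts addresses into the groups used for the ifconfig output. The function names are hypothetical and 192.0.2.1 is a constructed documentation address.

```python
import ipaddress

SIXTOFOUR = ipaddress.ip_network("2002::/16")
ULA = ipaddress.ip_network("fc00::/7")
LINK_LOCAL = ipaddress.ip_network("fe80::/10")


def sixtofour_prefix(ipv4):
    """2002:<IPv4>::/48 prefix that a 6to4 router derives from its public IPv4."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    # 16 bits of 0x2002, then the 32-bit IPv4 address in bits 17..48.
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def lan_subnet(ipv4, subnet_id):
    """One of the 65536 /64s inside the /48 (bits 49..64 select the subnet)."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet id must fit in 16 bits")
    base = int(sixtofour_prefix(ipv4).network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def embedded_ipv4(ipv6):
    """IPv4 address a relay would encapsulate to, or None if not in 2002::/16."""
    addr = ipaddress.IPv6Address(ipv6.split("%")[0])  # drop any %zone suffix
    if addr not in SIXTOFOUR:
        return None
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)


def classify(ipv6):
    """Label an address the way the message groups the ifconfig output."""
    addr = ipaddress.IPv6Address(ipv6.split("%")[0])
    if addr in LINK_LOCAL:
        return "link-local"
    if addr in ULA:
        return "ULA"
    if addr in SIXTOFOUR:
        return "6to4 via %s" % embedded_ipv4(ipv6)
    return "other"


if __name__ == "__main__":
    # Addresses from the ifconfig output above, plus constructed 6to4 samples.
    for a in ("fe80::6233:4bff:fe01:7585%en1",
              "fd92:7065:b8e::6233:4bff:fe01:7585",
              "2001:470:1f00:820:6233:4bff:fe01:7585",
              "2002:c058:6301::",
              str(lan_subnet("192.0.2.1", 1)[1])):
        print(a, "->", classify(a))
```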


