[AusNOG] IPv6 Homenet (Re: another ipv6 Q)

Jeroen Massar jeroen at massar.ch
Thu Jul 3 15:59:20 EST 2014


On 2014-07-03 01:47, Tony wrote:
> On Thu, 03 Jul 2014 14:30:07 +1000, Jeroen Massar <jeroen at massar.ch> wrote:
>>
>> Oh and yes, it will be a lot of fun when some large company is going to
>> split and then have to split up their IPv6 address space, somebody will
>> be renumbering a lot of hosts... ;)
> 
> Which raises a question I've been wondering about (and pardon my
> ignorance if it's obvious, I'm still coming to grips with IPv6).
> 
> In the IPv4 world the following happens:
> * as an SP we have IPv4 address space from APNIC
> * a customer of ours is using IPv4
> * customer uses RFC1918 space on their internal/private network
> * we allocate a /29 to customer firewall that is globally routable
> * customer does NAT for traffic in/out the firewall for global
> reachability (via the /29)
>
> All pretty standard and fairly well understood.
> 
> My understanding of one of the design principles of IPv6 is that NAT
> will go (hooray !) and every device will have a globally unique IP
> address. I assume this is still correct ?

That is the original intent of the IETF.

But as ISPs are actually providing users with /128s in quite a few cases
for "business reasons" (read: charge for address space that they have
unlimited amounts for; instead of charging for bandwidth which is what
they get charged for by their upstreams), NAT will exist for IPv6.

> That being the case in the scenario I've outlined above the customer
> needs to get IPv6 space from "somewhere". The suggestion is that they
> would get it from their SP (i.e. us) which I have no problem with. So it
> then looks like:
> * We allocate a /48 (out of our /32 that we have from APNIC) to customer
> * customer splits this up as they see fit (hopefully following some
> rules as to how they allocate subnets)
> * customer gives devices an IPv6 address out of this /48 on all their
> devices
> * all customer devices are now globally addressable
> 
> So what happens when said customer changes to another SP ? Do they then
> have to renumber everything ?

Yes.

(Unless you offer them a tunnel or so, but then they are still your
customer)

> The alternative could be the customer
> approaches the LIR and gains a /48 from the LIR, but wouldn't you then
> just have every company in the world with their own /48 which would just
> cause issues with aggregation and routing table size ?

Yes. Exactly.

But there are a lot fewer companies that need PI than individuals that
just need "Interwebz".

Companies getting PI is quite fine. Individuals using PA space is fine
too as they won't care to renumber their home.

> I know there is SLAAC & DHCPv6, so would it simply be the case of what
> would happen now if a customer needed to change the RFC1918 subnet they
> were using internally ? In the IPv4 world, this would mean changing DHCP
> scopes, then changing anything that is manually set ?

The important key is: DHCPv6-PD.

Also check out the Homenet architecture

https://ripe67.ripe.net/presentations/195-townsley-ipv6-homenet-ripe67-athens-distribution.pdf
http://www.kloepfer.org/ipv6-homenet.html

or further details per relevant Google searches

> I'm just curious as for anyone who isn't able to get their own globally
> unique space from a LIR then does the IPv6 world force them to renumber
> their entire network every time they change providers and have new IPv6
> addressing ?

Yes. That is the way it also is for IPv4.

> Right now changing providers means getting a new IPv4 /29
> for the outside of the firewall and perhaps changing a few NAT rules
> (and updating DNS), all of the internal IPs on devices get to stay the
> same (due to the NAT).

You can do IPv6 NAT if you really want it that simple. And likely that
is the way it will become anyway because of el-cheapo providers forcing
users to get business class service.


I see a BIG market for VPN companies. This is already the case for IPv4
and circumventing silly copyright-per-country-restrictions etc, but will
also be the case for just people who want to reach that box at home.


Greets,
 Jeroen

  (who even uses IPv6 NAT for boxes that have a /48, using the prefix
only for management, but does NAT on the single frontend to get the
traffic to the actual node that handles it...)
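
Added example, not part of the original message or thread: a small Python sketch of the renumbering discussed above, mapping manually set addresses and subnets from an old provider-assigned /48 to a new one while keeping the customer's subnet IDs and interface IDs. The prefixes, host names and function names are assumptions; the prefixes are taken from the 2001:db8::/32 documentation range.

```python
import ipaddress

def renumber(addr, old_prefix, new_prefix):
    """Move one address from old_prefix to new_prefix, keeping the subnet ID
    and interface ID (all bits below the provider prefix) unchanged."""
    old = ipaddress.ip_network(old_prefix)
    new = ipaddress.ip_network(new_prefix)
    if old.version != 6 or new.version != 6 or old.prefixlen != new.prefixlen:
        raise ValueError("prefixes must both be IPv6 and the same length")
    ip = ipaddress.ip_address(addr)
    if ip.version != 6 or ip not in old:
        return None  # not in the old provider's space: nothing to renumber
    low_bits = int(ip) & int(old.hostmask)
    return str(ipaddress.IPv6Address(int(new.network_address) | low_bits))

def renumber_subnet(cidr, old_prefix, new_prefix):
    """Same mapping for a subnet, e.g. one used in a firewall rule or DHCPv6 scope."""
    net = ipaddress.ip_network(cidr)
    moved = renumber(str(net.network_address), old_prefix, new_prefix)
    if moved is None or net.prefixlen < ipaddress.ip_network(old_prefix).prefixlen:
        return None
    return f"{moved}/{net.prefixlen}"

def plan(inventory, old_prefix, new_prefix):
    """Split an inventory {name: address} into entries to change and entries to keep."""
    change, keep = {}, {}
    for name, addr in inventory.items():
        new_addr = renumber(addr, old_prefix, new_prefix)
        if new_addr is None:
            keep[name] = addr
        else:
            change[name] = (addr, new_addr)
    return change, keep

# Constructed sample data using documentation prefixes (2001:db8::/32).
OLD_PA = "2001:db8:aaaa::/48"   # hypothetical /48 from the old provider
NEW_PA = "2001:db8:bbbb::/48"   # hypothetical /48 from the new provider
INVENTORY = {
    "fw-inside": "2001:db8:aaaa::1",
    "web":       "2001:db8:aaaa:10::80",
    "router-ll": "fe80::1",      # link-local, unaffected by a provider change
}

if __name__ == "__main__":
    change, keep = plan(INVENTORY, OLD_PA, NEW_PA)
    for name, (old, new) in change.items():
        print(f"{name}: {old} -> {new}")
    print("unchanged:", ", ".join(keep))
```

The same mapping applied to firewall rules and DNS records shows which entries still reference the old provider's prefix after the move.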
