Moving to IPv6

[D. Hugh Redelmeier]

| From: Anton Verevkin <anton-P5WJPa9AKEc1GQ1Ptb7lUw at public.gmane.org>

| I would like to seek for advice from IPv6-gurus on the following. 
| Imagine you have a network, too small to make BGP-peering with the ISPs, 
| but this network still wants to have multihoming with two internet 
| connections. Let's say with Bell and Rogers, or with Acanac and Teksavvy 
| :). Imagine all of them already provide you with both ipv4 and ipv6.

I do this with IPv4, and it isn't very satisfactory.

I have two gateways.  Each machine on my LAN has a routable IP address
(but that isn't required).  Each gateway knows how to route packets to
each machine on my LAN.  Each machine on my LAN routes to a gateway of
its choice (usually set by DHCP).  There is no load balancing.  One 
gateway uses NAT, the other passes through the traffic with the routable 
addresses.

Load balancing won't easily work.  The problem is that packets from
one machine on my LAN would have different IP addresses depending on
which gateway is used.  This doesn't work for most protocols.

I could use more sophisicated routing rules on the machines on my LAN.

When one gateway loses internet connectivity, I can manually change 
routing policies (most easily in the DHCP server's tables).  Most outages 
are too short to bother.

| In the IPv4 case they would give you one IP address each that you set on 
| different NICs of your router and make some logic to NAT outgoing 
| connections to one IP or another. Reply packets get back through the 
| same connection where they originated.

How do you do load balancing?  I don't thing your last sentence is
correct (unfortunately).

| In case of IPv6 both ISPs provide you with subnet prefixes. Which prefix you
| would set up in your LAN? How would you do the routing? No doubt we do not
| want NAT here, or else why switching from IPv4? We would also want to avoid 
| tunnels in the final solution, for tunnels are for the transition period,
| right? 

I expect you can use NAT on IPv6.  Just not the way we are used to
thinking of it.  The normal use of NAT in IPv4 (really NAPT) is to let
one IP address serve a bunch of client machines.  Yuck -- not in the
spirit of the internet, a network of peers.  It this case, you'd just
do a one-to-one and onto mapping to change the prefix (probably in
the gateway).

I don't know which IPv6 protocols break if prefixes are translated.
For example, some, but not all, IPSec protocols "protect" the IP
addresses and would not allow them to be changed.
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists