Moving to IPv6

Anton Verevkin anton-P5WJPa9AKEc1GQ1Ptb7lUw at public.gmane.org
Fri Sep 17 01:08:13 UTC 2010


"D. Hugh Redelmeier" <hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org> wrote:
> I have two gateways.
...
> One gateway uses NAT, the other passes through the traffic with
> the routable addresses.
...
> I expect you can use NAT on IPv6.
...
> In this case, you'd just do a one-to-one and onto mapping to change
> the prefix (probably in the gateway).

I also thought about 1:1 NAT on one of the routers. This might really 
help if you are using one of the connections as a passive backup.



> | In the IPv4 case they would give you one IP address each that you set on
> | different NICs of your router and make some logic to NAT outgoing 
> | connections to one IP or another. Reply packets get back through the 
> | same connection where they originated.
> 
> How do you do load balancing?  I don't think your last sentence is
> correct (unfortunately).

By saying that packets return through the originating connection I meant
that if you have Bell IP 1.1.1.1 and Rogers IP 2.2.2.2 and you let the
packet exit through the Bell link, your router makes NAT to the 1.1.1.1
address, and the reply packet will definitely get back through Bell as it
will be going to IP 1.1.1.1.

I have made several installations of this kind for IPv4 but mostly did not
have load balancing. It was just a total switch to backup channel in
case of the primary channel failure. Once I was asked to make load balancing
and I made it for HTTP only. I installed a load balancer application inside
the network that was randomly forwarding tcp sessions to one of the two
destinations - two HTTP proxy servers outside of the network, and set the
static host routes on the gateway to get to them through different ISPs.
Users inside the LAN were using this balancer as their HTTP proxy and
were actually balanced between two real proxies through different ISPs.

In theory if you find a way to send the packets to different gateways
on the basis of SourceIP-DestinationIP pairs (randomized) you will be safe
for most protocols. Probably SIP might break, but it is broken by design,
if you are doing NAT anyway.

Regards,

--
Best regards,

Anton Verevkin
anton-P5WJPa9AKEc1GQ1Ptb7lUw at public.gmane.org


--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
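
Added example (not part of the original message or the list archive): a
sketch of the source/destination-pair gateway selection described above,
using the Bell and Rogers NAT addresses from the message. The function
names, the salt and the sample addresses are assumptions made for
illustration.

```python
import hashlib
import hmac
import ipaddress
from collections import Counter

# NAT addresses per uplink, taken from the message above.
UPLINKS = [("bell", "1.1.1.1"), ("rogers", "2.2.2.2")]

# Constructed secret for this example. Keying the hash provides the
# "randomized" mapping: stable on this router, not guessable from outside.
SALT = b"constructed-example-salt"


def pick_uplink(src, dst, uplinks=UPLINKS, salt=SALT):
    """Choose (isp_name, nat_address) for one source/destination pair."""
    if not uplinks:
        raise ValueError("no uplink available")
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    if s.version != d.version:
        raise ValueError("source and destination address families differ")
    # Hash only the address pair, never ports, so every connection between
    # the same two hosts leaves through one ISP with one NAT address.
    digest = hmac.new(salt, s.packed + d.packed, hashlib.sha256).digest()
    return uplinks[int.from_bytes(digest[:8], "big") % len(uplinks)]


def spread(pairs, uplinks=UPLINKS):
    """Count how many pairs land on each uplink."""
    return Counter(pick_uplink(s, d, uplinks)[0] for s, d in pairs)


if __name__ == "__main__":
    # Constructed sample traffic: 200 LAN hosts talking to 5 remote hosts.
    lan = [f"192.168.1.{i}" for i in range(1, 201)]
    remote = [f"203.0.113.{i}" for i in range(1, 6)]
    pairs = [(s, d) for s in lan for d in remote]
    print(spread(pairs))
    # Primary link down: every pair falls back to the remaining uplink.
    print(spread(pairs, uplinks=UPLINKS[1:]))
    # The same selection works for an IPv6 address pair.
    print(pick_uplink("2001:db8:1::10", "2001:db8:ffff::1")[0])
```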




