IPv6 addressing for broadband-connected remote sites
Is anyone aware of any thinking that has been done on how IPv6 addressing would work for enterprises with remote sites that are broadband connected?

In the IPv4 we would deploy a router terminating a VPN tunnel back to our datacentres, with selected traffic being broken out locally to the internet, reliant on NAT'ing the client source addresses.

In an IPv6 world how would this work? Since there's no capability of NAT'ing an IPv6 address to another IPv6 address, would it be better to address the clients within sites using PA addressing from the local ISP? This would lose the benefits of having sites allocated from a contiguous (summarisable) address space within the enterprise.

On the other hand, if we addressed the sites from our PA address block, then unless I'm missing something, local ISPs would be unlikely to want to route to it as the addressing wouldn't be in their block, would by definition almost certainly be a small subnet (probably single /64), and wouldn't fit into their standard provisioning model.

Any comments / suggestions would be most welcome.
Hi,

On Thu, Jun 13, 2013 at 11:28:15AM +0100, stuart.dale@ba.com wrote:
> Is anyone aware of any thinking that has been done on how IPv6 addressing would work for enterprises with remote sites that are broadband connected? In the IPv4 we would deploy a router terminating a VPN tunnel back to our datacentres, with selected traffic being broken out locally to the internet, reliant on NAT'ing the client source addresses. In an IPv6 world how would this work?
Well, you could do that...
> Since there's no capability of NAT'ing an IPv6 address to another IPv6 address, would it be better to address the clients within sites using PA addressing from the local ISP?
I'm not mentioning RFC6296 now... :-)

  6296 IPv6-to-IPv6 Network Prefix Translation. M. Wasserman, F. Baker. June 2011. (Format: TXT=73700 bytes) (Status: EXPERIMENTAL)

... so there's both network prefix translation, and also products that do "classic" N:1 NAT with IPv6. Whether this is the right thing to do is a religious debate.

Another approach that is more IPv6-ish is to use ULA space (RFC4913) internally, and in the branch offices, give all machines *two* IPv6 addresses - one global from their local provider, one ULA from your internal network. Source address selection will make the machines source packets from ULA space if going to ULA-addressed servers inside the VPN, and from global space if going "out to the internet" - so "it should just work"...

Gert Doering
        -- NetMaster
--
have you enabled IPv6 on something today...?
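Added example, not part of the original thread: a reduced model of the source address selection behaviour the reply above relies on, for a branch host holding one ULA and one ISP-assigned global address. It assumes hosts follow the RFC 6724 default policy table; the addresses and the function names (`select_source`, `label`, `common_prefix_len`) are constructed for illustration.

```python
import ipaddress

# RFC 6724 section 2.1 default policy table, reduced to (prefix, label).
POLICY = [(ipaddress.ip_network(p), lab) for p, lab in [
    ("::1/128", 0), ("::/0", 1), ("::ffff:0:0/96", 4), ("2002::/16", 2),
    ("2001::/32", 5), ("fc00::/7", 13), ("::/96", 3), ("fec0::/10", 11),
    ("3ffe::/16", 12)]]

def label(addr):
    """Label of the longest policy-table prefix containing addr."""
    return max((net.prefixlen, lab) for net, lab in POLICY if addr in net)[1]

def common_prefix_len(a, b):
    """Number of leading bits two addresses share."""
    return 128 - (int(a) ^ int(b)).bit_length()

def select_source(dst, candidates):
    """Pick a source for dst using RFC 6724 rules 1, 6 and 8 only.

    Rules 2-5.5 and 7 (scope, deprecated, home, interface, temporary) are
    left out: every candidate here is a preferred global-scope address on
    one interface. Rule 8 is capped at 64 bits, assuming /64 prefixes.
    """
    dst = ipaddress.IPv6Address(dst)
    def rank(src):
        return (src == dst,                              # rule 1: same address
                label(src) == label(dst),                # rule 6: matching label
                min(common_prefix_len(src, dst), 64))    # rule 8: longest match
    best = max((ipaddress.IPv6Address(c) for c in candidates), key=rank)
    return str(best)

# Constructed branch-office host: one ULA from the enterprise plan and one
# global address from the local ISP (documentation prefix 2001:db8::/32).
HOST_ADDRS = ["fd12:3456:789a:42::10", "2001:db8:b00c:42::10"]

if __name__ == "__main__":
    for name, dst in [("ULA server behind the VPN", "fd12:3456:789a:1::53"),
                      ("Internet host", "2001:db8:ffff::80"),
                      ("datacentre server on a global address", "2001:db8:dc::25")]:
        print(f"{name:40} {dst:22} <- {select_source(dst, HOST_ADDRS)}")
```

The third case shows the host choosing its ISP-assigned source for a datacentre server reached on a global address, so the ULA source is only selected when the internal server itself is ULA-addressed.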
* stuart.dale@ba.com wrote:
> Is anyone aware of any thinking that has been done on how IPv6 addressing would work for enterprises with remote sites that are broadband connected? In the IPv4 we would deploy a router terminating a VPN tunnel back to our datacentres, with selected traffic being broken out locally to the internet, reliant on NAT'ing the client source addresses.
In IPv6 you are using NEMO, Network Mobility with Mobile IPv6. Just do it. Do not even think about anything else.
stuart.dale@ba.com wrote:
> Is anyone aware of any thinking that has been done on how IPv6 addressing would work for enterprises with remote sites that are broadband connected?

How many (approximately) of those remote sites would you expect to manage?

Wilfried.
Participants (4): Gert Doering, Lutz Donnerhacke, stuart.dale@ba.com, Wilfried Woeber