I keep getting asked about whether to use technology X or Y when deploying an IPv6 network, especially 'transition'/'tunneling'/'coexistence' technologies. Copypasta from a post I mate to NANOG just now. Sorry if you've read this before, but I think it'll be a useful resource for people: Instead of explaining the options over and over and hoping people can make sense of the complexities of it, become experts, and make good informed decisions, I've made a flow chart. Feel free to ask about details and I can get in to the ranting part, this is really a place to start. Right now it assumes people only provide DSL or other dynamic sort of services. It also assumes DS-Lite people are insane, so probably need better language there. Also the first question is not necessarily about who you are, but who is driving the IPv6 'build' - which is why native, 6rd and ds-lite are not appropriate for the customer-driven side. I hope that makes sense. No talk about ISATAP and stuff for inside the customer network either. And before you ask no ISATAP is not appropriate for ISPs, doesn't work through NAT. Anyway: - 6RD is used by free.fr. Not widely implemented by anyone yet. - DS-Lite is something some guys at Comcast and others are talking about. Not widely implemented by anyone yet. - The rest you can figure out from wikipedia and stuff. Please email me with any corrections, complaints, or threats if you're a DS-Lite fan. I'll always keep old versions in this directory, and the latest version will always have this filename, so please link to it instead of copying it, etc. etc.: http://www.braintrust.co.nz/resources/ipv6_flow_chart/ipv6_flow_chart-curren... -- Nathan Ward
Nathan, About ds-lite. I don't think it's insanity. It's what you do if either (a) you have run out of IPv4 addresses even *within* the ISP network. That is Comcast's story. (Yes, they are a little bigger than all NZ ISPs added together.) or (b) your funding agency requires you to run an IPv6-only core. That is CERNET's story. (Yes, their funding agency runs the largest country in the world, and seems to think that having fewer addresses than people is stupid.) As for possible ISP scenarios, I think there are going to be more. Watch for an Internet-Draft coming your way very soon. Brian On 2009-10-14 19:01, Nathan Ward wrote:
I keep getting asked about whether to use technology X or Y when deploying an IPv6 network, especially 'transition'/'tunneling'/'coexistence' technologies.
Copypasta from a post I mate to NANOG just now. Sorry if you've read this before, but I think it'll be a useful resource for people:
Instead of explaining the options over and over and hoping people can make sense of the complexities of it, become experts, and make good informed decisions, I've made a flow chart. Feel free to ask about details and I can get in to the ranting part, this is really a place to start.
Right now it assumes people only provide DSL or other dynamic sort of services. It also assumes DS-Lite people are insane, so probably need better language there. Also the first question is not necessarily about who you are, but who is driving the IPv6 'build' - which is why native, 6rd and ds-lite are not appropriate for the customer-driven side. I hope that makes sense. No talk about ISATAP and stuff for inside the customer network either. And before you ask no ISATAP is not appropriate for ISPs, doesn't work through NAT.
Anyway: - 6RD is used by free.fr. Not widely implemented by anyone yet. - DS-Lite is something some guys at Comcast and others are talking about. Not widely implemented by anyone yet. - The rest you can figure out from wikipedia and stuff.
Please email me with any corrections, complaints, or threats if you're a DS-Lite fan. I'll always keep old versions in this directory, and the latest version will always have this filename, so please link to it instead of copying it, etc. etc.:
http://www.braintrust.co.nz/resources/ipv6_flow_chart/ipv6_flow_chart-curren...
-- Nathan Ward
------------------------------------------------------------------------
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
There are certainly other solutions to the issue of IPv4 runout within the ISP that do not require CPE change - certainly a plug for some of the work I have done (and at least one vendor is implementing) is the L2-Aware NAT: draft-miles-behave-l2nat-00. In AU/NZ we see a lot of subsidised CPE, and often this CPE is significantly trimmed in terms of flash, memory and CPU. I have heard from at least one modem vendor that their lowest cost CPE simply cannot do DS-Lite faster than 5Mbps. Certainly the counter-argument goes along the lines of "you need new CPE for IPv6 anyway", so take with a grain of salt, but the reality is that we are in an IPv4- dominated world, so continuity of service is critical. One thing that seems to be missing is a discussion on how an ISP will roll such services out to market (NAT44, DS-Lite, etc). Only addressing new customers or new markets seems non-sensical, so it would appear ISP may be forced to introduce a lower-cost plan to try and entice customers to use a NAT solution (which DS-Lite certainly is). The bottom line is that all solutions involve NAPT and will have application compatibility problems. If an ISP must launch a somewhat crippled product to market at a lower price-point (but higher cost) then IPv4-continuity is boiled down into a cost-reduction exercise. I speculate that an ISP would logically seek the lowest-cost solution, which would be to avoid CPE change. My -individual- 2c d On 15/10/2009, at 7:40 AM, Brian E Carpenter wrote:
Nathan,
About ds-lite. I don't think it's insanity. It's what you do if either (a) you have run out of IPv4 addresses even *within* the ISP network. That is Comcast's story. (Yes, they are a little bigger than all NZ ISPs added together.) or (b) your funding agency requires you to run an IPv6-only core. That is CERNET's story. (Yes, their funding agency runs the largest country in the world, and seems to think that having fewer addresses than people is stupid.)
As for possible ISP scenarios, I think there are going to be more. Watch for an Internet-Draft coming your way very soon.
Brian
On 2009-10-14 19:01, Nathan Ward wrote:
I keep getting asked about whether to use technology X or Y when deploying an IPv6 network, especially 'transition'/'tunneling'/'coexistence' technologies.
Copypasta from a post I mate to NANOG just now. Sorry if you've read this before, but I think it'll be a useful resource for people:
Instead of explaining the options over and over and hoping people can make sense of the complexities of it, become experts, and make good informed decisions, I've made a flow chart. Feel free to ask about details and I can get in to the ranting part, this is really a place to start.
Right now it assumes people only provide DSL or other dynamic sort of services. It also assumes DS-Lite people are insane, so probably need better language there. Also the first question is not necessarily about who you are, but who is driving the IPv6 'build' - which is why native, 6rd and ds-lite are not appropriate for the customer-driven side. I hope that makes sense. No talk about ISATAP and stuff for inside the customer network either. And before you ask no ISATAP is not appropriate for ISPs, doesn't work through NAT.
Anyway: - 6RD is used by free.fr. Not widely implemented by anyone yet. - DS-Lite is something some guys at Comcast and others are talking about. Not widely implemented by anyone yet. - The rest you can figure out from wikipedia and stuff.
Please email me with any corrections, complaints, or threats if you're a DS-Lite fan. I'll always keep old versions in this directory, and the latest version will always have this filename, so please link to it instead of copying it, etc. etc.:
http://www.braintrust.co.nz/resources/ipv6_flow_chart/ipv6_flow_chart-curren...
-- Nathan Ward
------------------------------------------------------------------------
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
David Miles wrote:
There are certainly other solutions to the issue of IPv4 runout within the ISP that do not require CPE change - certainly a plug for some of the work I have done (and at least one vendor is implementing) is the L2-Aware NAT: draft-miles-behave-l2nat-00.
In AU/NZ we see a lot of subsidised CPE, and often this CPE is significantly trimmed in terms of flash, memory and CPU. I have heard from at least one modem vendor that their lowest cost CPE simply cannot do DS-Lite faster than 5Mbps. Certainly the counter-argument goes along the lines of "you need new CPE for IPv6 anyway", so take with a grain of salt, but the reality is that we are in an IPv4- dominated world, so continuity of service is critical.
One thing that seems to be missing is a discussion on how an ISP will roll such services out to market (NAT44, DS-Lite, etc). Only addressing new customers or new markets seems non-sensical, so it would appear ISP may be forced to introduce a lower-cost plan to try and entice customers to use a NAT solution (which DS-Lite certainly is). The bottom line is that all solutions involve NAPT and will have application compatibility problems. If an ISP must launch a somewhat crippled product to market at a lower price-point (but higher cost) then IPv4-continuity is boiled down into a cost-reduction exercise. I speculate that an ISP would logically seek the lowest-cost solution, which would be to avoid CPE change.
My -individual- 2c
d
The huge problem is all the home customers with ancient second-hand CPE. I suspect they are also the bulk of customers with 256KB or less connections. For which some cheap/free CPE flashed to do dualstack at ~5MB is far more speed they they are willing to pay for at present. A nasty to run, but relatively cheap, exchange program for CPE might be the way to go there. Old CPE comes in gets flashed and goes out again as part of the exchange. The customers willing to pay top dollar for full-speed DSL are also the bracket most likely to be okay with spending a hundred or so for a new CPE box. Just to be getting the latest Next Generation Internet. Some might be willing to slightly downgrade for free. That just leaves the penny-pincher's amongst the high-speed users. Only time will tell how big that problem group is. "Some things only appear as problems until you look at the sideways." my 2c. AYJ
On 15/10/2009, at 7:40 AM, Brian E Carpenter wrote:
Nathan,
About ds-lite. I don't think it's insanity. It's what you do if either (a) you have run out of IPv4 addresses even *within* the ISP network. That is Comcast's story. (Yes, they are a little bigger than all NZ ISPs added together.) or (b) your funding agency requires you to run an IPv6-only core. That is CERNET's story. (Yes, their funding agency runs the largest country in the world, and seems to think that having fewer addresses than people is stupid.)
As for possible ISP scenarios, I think there are going to be more. Watch for an Internet-Draft coming your way very soon.
Brian
On 2009-10-14 19:01, Nathan Ward wrote:
I keep getting asked about whether to use technology X or Y when deploying an IPv6 network, especially 'transition'/'tunneling'/'coexistence' technologies.
Copypasta from a post I mate to NANOG just now. Sorry if you've read this before, but I think it'll be a useful resource for people:
Instead of explaining the options over and over and hoping people can make sense of the complexities of it, become experts, and make good informed decisions, I've made a flow chart. Feel free to ask about details and I can get in to the ranting part, this is really a place to start.
Right now it assumes people only provide DSL or other dynamic sort of services. It also assumes DS-Lite people are insane, so probably need better language there. Also the first question is not necessarily about who you are, but who is driving the IPv6 'build' - which is why native, 6rd and ds-lite are not appropriate for the customer-driven side. I hope that makes sense. No talk about ISATAP and stuff for inside the customer network either. And before you ask no ISATAP is not appropriate for ISPs, doesn't work through NAT.
Anyway: - 6RD is used by free.fr. Not widely implemented by anyone yet. - DS-Lite is something some guys at Comcast and others are talking about. Not widely implemented by anyone yet. - The rest you can figure out from wikipedia and stuff.
Please email me with any corrections, complaints, or threats if you're a DS-Lite fan. I'll always keep old versions in this directory, and the latest version will always have this filename, so please link to it instead of copying it, etc. etc.:
http://www.braintrust.co.nz/resources/ipv6_flow_chart/ipv6_flow_chart-curren...
-- Nathan Ward
------------------------------------------------------------------------
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
On 2009-10-31 20:28, TreeNet Admin wrote:
David Miles wrote:
There are certainly other solutions to the issue of IPv4 runout within the ISP that do not require CPE change - certainly a plug for some of the work I have done (and at least one vendor is implementing) is the L2-Aware NAT: draft-miles-behave-l2nat-00.
There's also a new draft proposing a UDP-based tunneling technique that should (in theory) go through old CPE like a dose of teredo: http://tools.ietf.org/id/draft-lee-softwire-6rd-udp I can see lots of issues with it, but it may turn into something useful. Maybe we should continue this on ipv6-techsig(a)listserver.internetnz.net.nz Brian
On 31/10/2009, at 5:58 PM, TreeNet Admin wrote:
The huge problem is all the home customers with ancient second-hand CPE.
I don't think they're a huge problem as they're the least likely to notice the implementation of SP-NAT in front of their connection. I know at least one large ISP in our region considering this as phase #1 of an SP-NAT implementation. The big issue right now is: the lack of IPv6 native support in CPE at all. If we had the larger CPE vendors starting to implement (*) then with a 2 year replacement time for most CPE we'd be fine by the time a lack of v4 addresses starts to pinch. In NZ at the moment with VDSL2 starting to be rolled out it'd be a PERFECT time to start squirrelling (or whatever marsuipal/mammal you guys have) it into people's houses as people replace CPE. But I'm guessing that it's not happening that way alas. We need to start getting IPv6 out there to end-customers to start the ball rolling to start shaking the problems down. (And believe me there a whole LOT of problems with IPv6 in actual real production to DSL customers ...) (*) Let's face it - given that almost all the CPE is Linux based it's just laziness on the CPE vendor's part as it's already bloody well done for them. MMC -- Matthew Moyle-Croft Peering Manager and Team Lead - Commercial and DSLAMs Internode /Agile
(*) Let's face it - given that almost all the CPE is Linux based it's just laziness on the CPE vendor's part as it's already bloody well done for them.
The behave specs for v6 CPE's are quite complicated and involved, it's not "just turning on v6 routing", there is default firewalls, DHCP PD, automatic ULA selection, and a whole string of other requirements. It would be a non trivial amount of effort to upgrade a CPE to v6 even if it's just running linux. That said, it's not /that/ hard to do, but it will take a reasonable amount of development time.
On 01/11/2009, at 8:50 PM, Perry Lorier wrote:
(*) Let's face it - given that almost all the CPE is Linux based it's just laziness on the CPE vendor's part as it's already bloody well done for them.
The behave specs for v6 CPE's are quite complicated and involved, it's not "just turning on v6 routing", there is default firewalls, DHCP PD, automatic ULA selection, and a whole string of other requirements. It would be a non trivial amount of effort to upgrade a CPE to v6 even if it's just running linux. That said, it's not / that/ hard to do, but it will take a reasonable amount of development time.
All those bits are done under Linux - kernel supports IPv6 etc. DHCPv6 PD is fairly straightforward - there are several DHCPv6 implementations. I know someone who got an OpenWRT image done in a few weeks for things like WRT54Gs for fun. So clearly it's not that complex or involved or time consuming. DLink have managed to get PPPoE IPv6 etc in their latest CPE router (no ADSL) - so surely they can port it across to their DSL product line. So the "it's too hard thing" - don't buy it. Not at all. MMC
participants (7)
-
Brian E Carpenter -
David Miles -
jamie baddeley -
Matthew Moyle-Croft -
Nathan Ward -
Perry Lorier -
TreeNet Admin