[ppml] Random v6 discussions (was Re: Policy Proposal: IPv4 Transfer Policy Proposal)

Thu Feb 14 15:04:15 EST 2008

Iljitsch van Beijnum wrote:
> So let's not waste any time... It's still almost impossible to buy a  
> broadband modem / home router / CPE that will do IPv6, and because  
> those almost always do NAT, it's also pretty hard to tunnel IPv6  
> through such a box.

There are creative ways around limitations like that. After 
continually asking our BRAS and modem vendors for IPv6 support, 
for years and without any coherent response, I've had to find 
workarounds.

If you have a modem with good bridge group/VLAN support, you can 
create an additional PVC upstream just for IPv6, and attach that 
PVC to the WAN bridge group, in the case of a bridged 
configuration, or the LAN bridge group, in the case of a layer-3 
router/NAT configuration.

To put that another way, if your IPv4 modem is NATd, you could 
potentially (depending on your modem) create a separate virtual 
pipe upstream, and backdoor it into the customer's LAN. I 
certainly understand the wide gaping security hole that creates, 
but it may be something that a customer may be willing to accept 
if I can present them the option.

Also, I'm a big fan of layer-two separation, so each IPv6 PVC 
goes back to a Linux box via separate VLANs, which in itself 
provides some security robustness (where high-jacked DHCPv6 
requests aren't of such a big concern).

> But that's not the only hard part. ISPs can pretty much leave old  
> customers on IPv4 and give IPv6 to new customers. For content sites,  
> it's different: you do v6 or you don't. Because of firewalling and  
> less than optimal routing in some places, IPv6 can be worse than IPv4,  
> so the way things are now, it's not a good idea for Big Content to  
> turn on IPv6. They also don't care about the IPv4 depletion, they only  
> need a few addresses. ISPs on the other hand use up millions. So it's  
> likely that we'll end up in a situation where as of a certain date, a  
> lot of new users will be IPv6-only or IPv6+not-so-good-IPv4, while  
> existing users and content are pretty much IPv4-only.

I don't look at this as a scenario as having to dictate to my 
customers (as a service provider) which class of addressing they 
should use. I'll provide it to them today (or in the near 
future), and let them decide if they want to try it or not as an 
opt-in feature.

If we wait until IPv4 runs out, or we're forced to do so for 
other reasons, then we're in a situation where we're making the 
decisions for customers, rather than customers making their own 
decisions about the technology they would wish to use.

It may be that at some point, we'll have to charge more for a 
customer who wishes to have a publicly routable IPv4 address.

In all honesty, I don't expect a lot of uptake in the near term, 
but by providing an optional IPv6 network connection to users, we 
give them time to learn it at their own pace, rather than ripping 
IPv4 out from under them. Also, it gives us time, as a service 
provider, to ignore hard time frames and to gain experience with 
it ourselves.

- Dan White