[arin-ppml] CGN multiplier was: RE: Input on an article by Geoff Huston (potentially/myopically off-topic addendum)

Owen DeLong owen at delong.com
Thu Sep 15 07:58:19 EDT 2011

On Sep 15, 2011, at 4:49 AM, Matthew Kaufman wrote:

> On 9/15/11 4:05 AM, Owen DeLong wrote:
>> If you can spell out that functionality, I'll be happy to show you how to do that in IPv6. It may require a certain amount of rethinking your methodology, but, I have yet to encounter an application where you could not achieve just as good a result without NAT using better methods available in IPv6.
> I'll take you up on that. Solutions presented must not rely on a third party tunnel broker.
> 1. "Dual-WAN router". I have a dozen PCs on people's desktops. I want to use whichever of my two ISPs is currently up and running, noting that either may fail at any time. The PCs are running XP SP3 and you may not change any software on them.

Easy... Connect one WAN port to Provider A.
Connect second WAN port to provider B.
Obtain PI space and ASN from ARIN.
Obtain inexpensive 1-U colo from two (reasonably local) colo or colo-resellers.
Place small inexpensive routers in each of the colos and get a BGP default (or full tables if you like in IPv6, at least for now) from each of the colo upstreams.
Build tunnels between your dual WAN router and your colo routers.
Advertise iBGP across the tunnels to the colo routers and eBGP from the colo routers.

No third party tunnel broker, reliable true multihoming.

> 2. "Intranet". I have thousands of PCs on desktops across a multi-building campus. I have all sorts of internal servers that have static IP address assignments that I need to reach from these PCs. I don't want to renumber anything or even reconfigure my DHCP servers when I change providers.

I believe the above solution also covers this case, though another (less desirable IMHO) alternative would be to use ULA for the internal communications and only use SLAAC-based or DHCP-PD based addressing for your internet communications.

> I know how to solve parts of each of these without NAT, but I can't find any case where the solution is "better" when you don't use NAT... so list how you'd do it.

IMHO, both of the above solutions provide a superior alternative to NAT, but, I also consider the third-party tunnel broker solution (which is similar to my solution above, but, less expensive) to be superior to NAT as well. Of course, you can also hybridize using a third-party tunnel broker in place of one of the two colocation sites as well.
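
Added example, not part of the original message and not the author's own configuration: one way the tunnel-plus-BGP design in answer 1 could be expressed, assuming FRRouting on the colo routers and on the site router. Every ASN, prefix and address is a constructed documentation value, and the tunnel interfaces themselves are assumed to be already up.

```frr
! Constructed values (assumptions, not from the message):
!   AS 64496            the site's own ASN from ARIN
!   2001:db8:1000::/48  the site's PI prefix
!   AS 64500            colo A's upstream; 2001:db8:a::1 is its BGP address
!   2001:db8:ffff:a::/64, 2001:db8:ffff:b::/64  tunnel links to colo A and B
!
! ---- colo router A (colo router B mirrors this with its own addresses) ----
ipv6 prefix-list OWN-PI seq 5 permit 2001:db8:1000::/48
ipv6 prefix-list DEFAULT-ONLY seq 5 permit ::/0
!
router bgp 64496
 bgp router-id 192.0.2.1
 no bgp default ipv4-unicast
 neighbor 2001:db8:a::1 remote-as 64500
 neighbor 2001:db8:a::1 description eBGP to colo A upstream
 neighbor 2001:db8:ffff:a::2 remote-as 64496
 neighbor 2001:db8:ffff:a::2 description iBGP to site router over tunnel
 !
 address-family ipv6 unicast
  neighbor 2001:db8:a::1 activate
  ! Accept only a default route and announce only the PI prefix, so the
  ! site can never become transit between its two upstreams.
  neighbor 2001:db8:a::1 prefix-list DEFAULT-ONLY in
  neighbor 2001:db8:a::1 prefix-list OWN-PI out
  neighbor 2001:db8:ffff:a::2 activate
  neighbor 2001:db8:ffff:a::2 next-hop-self
 exit-address-family
!
! ---- site dual-WAN router ----
router bgp 64496
 bgp router-id 192.0.2.10
 no bgp default ipv4-unicast
 neighbor 2001:db8:ffff:a::1 remote-as 64496
 neighbor 2001:db8:ffff:a::1 description iBGP to colo router A
 neighbor 2001:db8:ffff:b::1 remote-as 64496
 neighbor 2001:db8:ffff:b::1 description iBGP to colo router B
 !
 address-family ipv6 unicast
  ! The /48 must already be in the routing table (for example a static
  ! route covering the LAN) for this network statement to be announced.
  network 2001:db8:1000::/48
  neighbor 2001:db8:ffff:a::1 activate
  neighbor 2001:db8:ffff:b::1 activate
 exit-address-family
```

If either tunnel or colo goes down, its iBGP session drops and the PI prefix is withdrawn from that upstream, while the desktops keep the same addresses.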

