IPv6 Provider Independent Addressing is an IAB Recommendation

I’ve just been reading Russell Helling's blog post – Fear and Loathing in IPv6, where he talks about gut reactions from the Service Provider side to Provider Independent (IPv4) address space. Go and read it.

Ok, so the reason that PI space was NOT a requirement for IPv4 was that we could change our external addressing. Not easily, but we COULD. Therefore, telcos & service providers could get away with giving us IP addresses that forced us to use their services, and prevented us from easily migrating away.

RFC 5902 says

Now, the IAB has clearly expressed its view in RFC 5902 – IAB Thoughts on IPv6 Network Address Translation:

4.1. Discussion

We believe that providing end-to-end transparency, as defined above, is key to the success of the Internet. While some fields of traffic (e.g., Hop Limit) are defined to be mutable, transparency requires that fields not defined as such arrive un-transformed. Currently, the source and destination addresses are defined as immutable fields, and are used as such by many protocols and applications.

Each of the three classes of solution can be defined in a way that preserves end-to-end transparency.

While we do not consider IPv6 NATs to be desirable, we understand that some deployment of them is likely unless workable solutions to avoiding renumbering, facilitating multihoming without adversely impacting routing scalability, and homogeneity are generally recognized as useful and appropriate.

As such, we strongly encourage the community to consider end-to-end transparency as a requirement when proposing any solution, whether it be based on tunneling or translation or some other technique. Solutions can then be compared based on other aspects such as scalability and ease of deployment.

For what it's worth, I completely agree with the IAB. There is no benefit for anyone in having NAT66 and it’s an evil that must be expunged from the system. It will be hard enough to get DNS4 and DNS6 working without some overly complex NAT process as well.

NAT Didn’t Always Work.

It took about five years for firewalls to reliably be able to perform NAT and PAT. You may not remember it, but I can assure you that the Active / Passive FTP problem was nothing compared to other protocols that simply could not be translated. And the translation process forces us to create protocols that can survive translation, thus removing features or capabilities that we could otherwise use.
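Why active-mode FTP trips over translation, as an added example that is not part of the original post: the client announces its own address inside the control-channel payload (PORT in RFC 959, EPRT in RFC 2428), so a translator that rewrites only the IP header leaves a mismatch the server side can observe. The function names and the sample addresses (documentation and ULA prefixes) are constructed for illustration.

```python
import ipaddress

def parse_ftp_endpoint(line):
    """Return (address, port) announced by an active-mode PORT or EPRT command."""
    verb, _, arg = line.strip().partition(" ")
    verb = verb.upper()
    if verb == "PORT":
        # RFC 959: h1,h2,h3,h4,p1,p2 -- IPv4 only, port = p1*256 + p2
        parts = [int(p) for p in arg.split(",")]
        if len(parts) != 6 or any(not 0 <= p <= 255 for p in parts):
            raise ValueError("malformed PORT argument")
        addr = ipaddress.ip_address(".".join(str(p) for p in parts[:4]))
        return addr, parts[4] * 256 + parts[5]
    if verb == "EPRT":
        # RFC 2428: <d>proto<d>addr<d>port<d>, proto 1 = IPv4, 2 = IPv6
        fields = arg.split(arg[0]) if arg else []
        if len(fields) != 5 or fields[0] or fields[4]:
            raise ValueError("malformed EPRT argument")
        addr, port = ipaddress.ip_address(fields[2]), int(fields[3])
        if {"1": 4, "2": 6}.get(fields[1]) != addr.version:
            raise ValueError("protocol number does not match address family")
        if not 0 < port < 65536:
            raise ValueError("port out of range")
        return addr, port
    raise ValueError("not an active-mode endpoint command")

def translated_in_path(control_line, observed_source):
    """True when the announced address differs from the source address the
    server saw on the control connection, i.e. the address was rewritten in
    transit and the payload was not."""
    announced, _port = parse_ftp_endpoint(control_line)
    return announced != ipaddress.ip_address(observed_source)

# Constructed samples: (control-channel line, source address seen by the server)
SAMPLES = [
    ("PORT 192,0,2,10,195,80", "192.0.2.10"),               # end-to-end IPv4
    ("PORT 10,0,0,5,195,80", "203.0.113.7"),                # NAT44, header only
    ("EPRT |2|2001:db8:1::10|50000|", "2001:db8:1::10"),    # end-to-end IPv6
    ("EPRT |2|fd00:1::10|50000|", "2001:db8:ffff::10"),     # prefix translated
]

if __name__ == "__main__":
    for line, src in SAMPLES:
        state = "translated" if translated_in_path(line, src) else "transparent"
        print(f"{line!r} from {src}: {state}")
```
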

The EtherealMind View

You can help make this PI Address Allocation a convention by moving to request and deploy PI IPv6 space immediately. This will start a process of forcing the telcos to use LISP, or upgrade hardware, or start upgrading obsolete hardware and hiring enough engineers to complete their deployments. At least something will be done to adapt to the technical problems; the Internet always does.

Also worth remembering: those people who got IPv4 allocations in the 1990s got them forever, and this might be your only chance again.

As Russell says:

In conclusion I concur with Greg and with the IAB that for IPv6 deployments in enterprise networks today PI is the only workable solution. Admitting this still makes me feel uncomfortable.

Bring on the IPocalypse.

About Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in a wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus

You can contact Greg via the site contact page.
