It’s important for people to apply directly to their registry for IPv6 address allocation. You should not get an allocation from your Service Provider.
When enabling IPv6 addresses for your network, you will need to have a IPv6 allocation. Many people might take the easy route and rely on their service provider to provide addresses. However, an IPv6 allocation from your telco means you might be stuck with that telco because you can’t get the funding for a full migration.
Configuring Firewall Rules
If you have ever migrated a firewall cluster for a large company, you’ll know that you public IPv4 addresses become part of the rules that other companies use. That is, external service providers will identify your Internet addressing and then permit that through their firewall. Especially for web services.
And you never know about them until you migrate your external internet connection to a new provider.
At this point, there is no plan to offer NAT66, therefore the IPv6 addressing that you are allocated will be used inside your company. That is, servers, desktops, printers, fax machines etc etc etc.
Therefore, you need to own that IPv6 Address. It must belong to your company so that when (and it’s always a matter of when) you change Internet providers, you do not have to change the addressing on your internal network or your firewalls and external services (email, DNS, web proxies etc).
IPv6 Global Prefix
Theoretically, it should be easy to migrate from one provider to another by simply changing the global prefix of your network. The global prefix is the first 64 bits of a standard IPv6 address. If you have a bigger allocation, say a /56, or /48 then that will be your global prefix.
The original designs for IPv6 called for network equipment to easily support configuration changes to the global prefix. However, this isn’t happening. I haven’t seen much commitment from big vendors to make it simple to migrate from one IPv6 provider to another.
Service Providers want to lock you in
Service Providers have two benefits from owning your IPv6 addresses.
- It makes it harder to move to another provider because your project would need resources to readdress a lot of equipment
- it uses less routing table memory in their core networks and allows them to delay network infrastructure upgrades.
Therefore it’s a double whammy benefit to your telco to “suggest” to you that they allocate you an IPv6 address. And none for you.
I’ve worked at companies who owned their own /24, /20 or even /16 and never needed to change their public IP addressing in twenty years. That’s real money saved for every ISP migration, and every ISP dual homing strategy.
Therefore, every company should be applying to the ARIN, RIPE, APNIC for their own allocation. Do not accept an IPv6 prefix from your service provider and be ready to migrate from one telco to another. It’s vitally important to ensure the independence of your Internet provider from any one supplier for better pricing, better service and better availability.
Bring on the IPocalypse.