Prefix translation looks to be exactly what we need to do here. Thanks for all 
of the replies.


-Randy

On Jun 12, 2011, at 2:42, Seth Mos <seth....@dds.nl> wrote:

> 
> On 12 Jun 2011, at 03:50, Randy Carpenter wrote:
> 
>> 
>> I have an interesting situation at a business that I am working on. We 
>> currently have the office set up with redundant connections for their 
>> mission critical servers and such, and also have a (cheap) cable modem for 
>> general browsing on client machines.
> 
> So basically policy routing?
> 
>> The interesting part is that the client machines need to access some 
>> customer networks via the main redundant network, so we have a firewall set 
>> up to route those connections via the redundant connections, and everything 
>> else via the cheaper, faster cable modem. NAT is used on both outbound 
>> connections.
> 
> Yep that sounds like policy routing.
> 
>> With IPv6, we are having some trouble coming up with a way to do this. Since 
>> there is no NAT, does anyone have any ideas as to how this could be 
>> accomplished?
> 
> Sure there is NAT, you can use prefix translation to translate your Global 
> Address Range from the redundant ISP to the Cable ISP Global address range 
> when leaving that interface. I've run a similar setup with 3 independent ISPs 
> with IPv6 netblocks.
> 
> Whichever connection the traffic went out it got the right GUA mapped onto 
> it. Note that this is 1:1 NAT and not N:1.
> 
> In my case there was no primary GUA range, I used a ULA on the LAN side of 
> things, and mapped the corresponding GUA onto it when leaving the network. I 
> had 3 rules, 1 for each WAN and mapped the ULA/56 to the GUA/56.
> 
> In your case you already have a primary connection of sorts, so I'd suggest 
> using that on the LAN side and only map the other GUA onto it when it leaves 
> the other interfaces.
> 
> The policy routing rules on your firewall can make all the routing decisions 
> for you.
> 
> If you search Google for "IPv6 network prefix translation" there will be a 
> firewall listed that can do this somewhere in the middle of the page.
> 
> Cheers,
> 
> Seth
> 
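
The setup suggested in the quoted reply (primary GUA on the LAN, the other GUA mapped on only when traffic leaves the cable interface), as an added example that is not part of the original thread or any firewall's own code. All prefixes, the customer network and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not from the thread).
PRIMARY = ipaddress.ip_network("2001:db8:aaaa:1100::/56")  # redundant ISP GUA, used on the LAN
CABLE = ipaddress.ip_network("2001:db8:bbbb:2200::/56")    # cable ISP GUA
CUSTOMER_NETS = [ipaddress.ip_network("2001:db8:c000::/48")]


def swap_prefix(addr, src, dst):
    """Stateless 1:1 mapping: replace the src prefix with dst, keep the low bits.

    Plain prefix swap only; the checksum-neutral adjustment of RFC 6296
    (NPTv6) is not implemented here.
    """
    addr = ipaddress.ip_address(addr)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("1:1 translation needs equal prefix lengths")
    if addr not in src:
        raise ValueError(f"{addr} is outside {src}")
    low_bits = int(addr) & int(src.hostmask)  # subnet and host bits
    return ipaddress.IPv6Address(int(dst.network_address) | low_bits)


def egress(src, dst):
    """Policy routing decision plus translation for an outbound packet."""
    dst = ipaddress.ip_address(dst)
    if any(dst in net for net in CUSTOMER_NETS):
        # Customer networks: redundant links, primary GUA leaves untouched.
        return "redundant", ipaddress.ip_address(src)
    # Everything else: cable modem, source rewritten into the cable GUA.
    return "cable", swap_prefix(src, PRIMARY, CABLE)


def ingress_cable(dst):
    """Reverse mapping for a packet arriving on the cable interface."""
    return swap_prefix(dst, CABLE, PRIMARY)


if __name__ == "__main__":
    host = "2001:db8:aaaa:1142::10"
    for target in ("2001:db8:c000::5", "2001:db8:ffff::1"):
        wan, seen_as = egress(host, target)
        print(f"{host} -> {target}: via {wan}, source seen as {seen_as}")
    print("return traffic maps back to", ingress_cable("2001:db8:bbbb:2242::10"))
```

Because the mapping is 1:1 and keeps no state, every LAN host stays addressable at its translated address, so inbound filtering on the cable interface has to come from the firewall rules rather than from the translation.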
