So the question is: where do you perform the NAT and how can it be redundant?
Thanks, Joshua Moore Network Engineer ATC Broadband 912.632.3161 > On Jul 5, 2015, at 10:12 AM, Mel Beckman <m...@beckman.org> wrote: > > Josh, > > Your job is simple, then. Deliver dual-stack to your customers and if they > want IPv6 they need only get an IPv6-enabled firewall. Unless you're also an > IT consultant to your customers, your job is done. If you already supply the > CPE firewall, then you need only turn on IPv6 for customers who request it. > With the right kind of CPE, you can run MPLS or EoIP and deliver public IPv4 > /32s to customers willing to pay for them. Otherwise it's private IPv4 and > NAT as usual for IPv4 traffic. > > -mel via cell > >> On Jul 5, 2015, at 6:57 AM, Josh Moore <jmo...@atcnetworks.net> wrote: >> >> We are the ISP and I have a /32 :) >> >> I'm simply looking at the best strategy for migrating my subscribers off v4 >> from the perspective of solving the address utilization crisis while still >> providing compatibility for those one-off sites and services that are still >> on v4. >> >> >> >> >> Thanks, >> >> Joshua Moore >> Network Engineer >> ATC Broadband >> 912.632.3161 >> >> On Jul 5, 2015, at 9:55 AM, Mel Beckman <m...@beckman.org> wrote: >> >>>> >>>> Josh Moore wrote: >>>> >>>> Tunnels behind a CPE and 4to6 NAT seem like bandaid fixes as they do not >>>> give the benefit of true end to end IPv6 connectivity in the sense of >>>> every device has a one to one global address mapping. >>> >>> No, tunnels do give you one to one global IPv6 address mapping for every >>> device. From a testing perspective, a tunnelbroker works just as if you >>> had a second IPv6-only ISP. If you're fortunate enough to have a dual-stack >>> ISP already, you can forgo tunneling altogether and just use an >>> IPv6-capable border firewall. >>> >>> William Waites wrote: >>>> I was helping my >>>> friend who likes Apple things connect to the local community >>>> network. He wanted to use an Airport as his home gateway rather than >>>> the router that we normally use. Turns out these things can *only* do >>>> IPv6 with tunnels and cannot do IPv6 on PPPoE. Go figure. So there is >>>> not exactly a clear path to native IPv6 for your lab this way. >>> >>> Nobody is recommending the Apple router as a border firewall. It's terrible >>> for that. But it's a ready-to-go tunnelbroker gateway. If your ISP can't >>> deliver IPv6, tunneling is the clear path to building a lab. If you have a >>> dual-stack ISP already, the clear path is to use an IPv6-capable border >>> firewall. >>> >>> So you are in a maze of non-twisty paths, all alike :)
