Solved: IPv6, AS, BGP and IPv4 world

VictorCL59 · ‎02-20-2013

Hello everyone.

I'm Victor from Ukraine and I need you suggestion.

Our company is going to have it own datacenter with several racks,

We need our own global AS with PI prefix but as you know RIR won't assign to as a IPv4 prefix.

So we just can ask for IPv6 prefix to have some kind of /48.

One big question!

How will our clients in Ukraine/world with only IPv4 addresses access our servers that are only on IPv6 from their home and office places?

There are a lot of translation mechanisms but we additionally need some scope of IPv4 for it - yes?

If yes, we need PA IPv4 addresses and if ISP who gives us these ones, will loose with our DC connection, we loose this translation ipv6ipv4

it looses any senses about our AS with BGP as redundant mechanisms for High Availability.

How do people in the USA do this?

Thanks.

James Leinweber · ‎02-20-2013

> ... we just can ask for [PI] IPv6 prefix to have some kind of /48.

This is a good idea. If it is going to be large datacenter, or expand later to multiple sites maybe try for a larger allocation, such as a /32 or a /40.

> How will our clients in Ukraine/world with only IPv4 addresses access our servers ...

Unfortunately, they won't be able to. There are no successful designs for NAT46 to let IPv4-only hosts talk to IPv6 servers at internet scale; that is why the IETF deprecated NAT-PT in RFC-4966. The most dire of the many problems is the impossibility of scaling DNS46 AAAA --> A mappings for the NAT translation in a reliable way. NAT-PT only works for very small client networks, and even there dual-stacking the clients is easier. Server providers can't control the client networks in any case, so we have to find some other way of dealing with IPv4-only clients.

IPv6-only clients talking to IPv4-only servers can limp through NAT64+DNS64 translaters with more success, at least for simple TCP connections. This appears to be what Chinese ISP's and US cellphone LTE4 networks are deploying for new networks: IPv6 only clients, plus NAT64 to get to the legacy v4 servers. The fact that going through a carrier-grade NAT translator gives a radically inferior experience to native IPv6 doesn't bother them, because the top traffic destinations in the USA such as Google, Youtube, Facebook, Netflix etc. are already dual-stacked with native IPv6.

> ... we need PA IPv4 ... [and lose] AS with BGP as redundant mechanisms for High Availability.

Correct.

Your next best alternative might be trying the still-experimental LISP (location/id separation protocol) with cooperating ISP's to get the routing redundancy you are looking for; see RFC-6830 through RFC-6836. Cisco is pushing this fairly hard.

> How [do] people in the USA do [this]?

They buy legacy PI IPv4 space from bankrupt corporations which are unloading underutilized /16's:

http://www.networkworld.com/community/blog/microsoft-pays-nortel-75-million-ipv4-address

http://www.theregister.co.uk/2011/12/05/borders_flogs_ipv4_addys/

In general this requires consent to transfer the address block from the parent RIR, in these north-american cases ARIN.

The pain of the slow IPv4 --> IPv6 transition falls hardest on new service providers, as you are unfortunately discovering.

-- Jim Leinweber, WI State Lab of Hygiene

View solution in original post

James Leinweber · ‎02-20-2013

> ... we just can ask for [PI] IPv6 prefix to have some kind of /48.

This is a good idea. If it is going to be large datacenter, or expand later to multiple sites maybe try for a larger allocation, such as a /32 or a /40.

> How will our clients in Ukraine/world with only IPv4 addresses access our servers ...

Unfortunately, they won't be able to. There are no successful designs for NAT46 to let IPv4-only hosts talk to IPv6 servers at internet scale; that is why the IETF deprecated NAT-PT in RFC-4966. The most dire of the many problems is the impossibility of scaling DNS46 AAAA --> A mappings for the NAT translation in a reliable way. NAT-PT only works for very small client networks, and even there dual-stacking the clients is easier. Server providers can't control the client networks in any case, so we have to find some other way of dealing with IPv4-only clients.

IPv6-only clients talking to IPv4-only servers can limp through NAT64+DNS64 translaters with more success, at least for simple TCP connections. This appears to be what Chinese ISP's and US cellphone LTE4 networks are deploying for new networks: IPv6 only clients, plus NAT64 to get to the legacy v4 servers. The fact that going through a carrier-grade NAT translator gives a radically inferior experience to native IPv6 doesn't bother them, because the top traffic destinations in the USA such as Google, Youtube, Facebook, Netflix etc. are already dual-stacked with native IPv6.

> ... we need PA IPv4 ... [and lose] AS with BGP as redundant mechanisms for High Availability.

Correct.

Your next best alternative might be trying the still-experimental LISP (location/id separation protocol) with cooperating ISP's to get the routing redundancy you are looking for; see RFC-6830 through RFC-6836. Cisco is pushing this fairly hard.

> How [do] people in the USA do [this]?

They buy legacy PI IPv4 space from bankrupt corporations which are unloading underutilized /16's:

http://www.networkworld.com/community/blog/microsoft-pays-nortel-75-million-ipv4-address

http://www.theregister.co.uk/2011/12/05/borders_flogs_ipv4_addys/

In general this requires consent to transfer the address block from the parent RIR, in these north-american cases ARIN.

The pain of the slow IPv4 --> IPv6 transition falls hardest on new service providers, as you are unfortunately discovering.

-- Jim Leinweber, WI State Lab of Hygiene

VictorCL59 · ‎02-20-2013

thanks for you answer and suggestion.

May be I could find some IPv4 space at least with /24 prefix.

thanks a lot again