On Oct 11, 2023, at 12:47, Mark Andrews <marka@isc.org> wrote:
It is no different to deploying PNAT44 in every CPE box in the world to allow you to connect to the global IPv4 internet today. Virtually no home network on the planet has fully functional IPv4 available to it. Many business networks don’t have fully functional IPv4 networks. We have already installed transition middle boxes between the public IPv4 internet and your private IPv4 internet. They are just so ubiquitous that you are unaware of them. This is just a transition between your IPv4 internet (public or private) and the global IPv6 internet.
1. I’m one of the few homes that is an exception to that “virtually no home” statement.
2. Yes, I’m acutely aware of them, I’ve deployed plenty of them, and regret each and every one.
3. The difference is that you can deploy a PNAT44 CPE box without an IPv6 address. You cannot deploy a NAPT64 box without an IPv4 address.
Almost all traffic flows go through a transition box today.
Sad but true. Still not really relevant to the point being made.
If the router modifies the source or destination addresses or the ports of the packet it is a transition box. It is the border between two internets.
Absolutely agree… Still not the point… The point here is that at some point, even with translation, we run out of IPv4 addresses to use for this purpose. What then?
Owen
-- Mark Andrews
On 12 Oct 2023, at 06:07, Delong.com <owen@delong.com> wrote:
On Oct 10, 2023, at 17:20, Mark Andrews <marka@isc.org> wrote:
On 11 Oct 2023, at 09:43, Delong.com via NANOG <nanog@nanog.org> wrote:
As a community, we have failed, because we never acknowledged and addressed the need for backward compatibility between IPv6 and IPv4, and instead counted on magic handwaving about tipping points and transition dates where suddenly there would be "enough" IPv6-connected resources that new networks wouldn't *need* IPv4 address space any more.
I’m not sure that we never acknowledged it, but we did fail to address it, largely because I think we basically determined that it’s “too hard”.
It’s not actually that hard to do on a small scale, i.e. inside a home CPE with a DNS server and a NAT64 implementation that supports semi static mappings. It does require IPv4 sites have IPv6 connectivity. You stand up a DNS46 which requests an unused IPv4 address from a prefix block, say 10/8, when there is an IPv6 address without an IPv4 address from the NAT64 with the IPv6 address it needs to be mapped to with an initial NAT64 lifetime value. The DNS46 would forget the mapping after half that initial lifetime. The DNS46 would return A records limited to half the lifetime or less so they time out before the NAT64 mapping expires. The hard part is scaling up to a large client base because not every DNS query results in IP traffic and you need a prefix block big enough to support the add rate of the client base. Doing this at ISP scale would be interesting to say the least. This is not theoretical. It has been implemented in the past though some of the details might differ.
That’s not what we’re talking about… That’s translation, not backwards compatibility.
Companies that have gone IPv6-only internally do this with fully static IPv4 to IPv6 mappings and skip the DNS46 step.
But doing that requires that the companies have a certain amount of V4. The question was how to talk to v4-only hosts with ZERO IPv4 addresses available to you.
So if you have a legacy device that can’t talk IPv6 there is a solution space that allows it to talk to the IPv6 internet. You need to install it however. Adding DNS46 to a nameserver is about a day if you already have a DNS64 model. The hard bit is working out how to talk to the NAT64 implementation. A good project to put on a Raspberry Pi or similar.
I’m a new entity. I need to talk to the IPv4 internet. I have zero IPv4 addresses and none are available to me.
How do I make any of this work?
That’s the question that remains unsolved and that’s the one we most desperately failed to tackle.
Owen
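
The DNS46 and NAT64 interaction described earlier in the thread (an IPv4 address taken from a private block, a NAT64 lifetime, and A records held to half that lifetime), as an added sketch that is not code from any poster or from an existing implementation. The class and method names (`Nat64`, `Dns46`, `allocate`, `resolve`) are hypothetical, the sample addresses are constructed, and it assumes the DNS46 requests a fresh mapping rather than refreshing the old one once it has forgotten it.

```python
import ipaddress

class Nat64:
    """Hypothetical NAT64 control interface holding semi-static v4 -> v6 mappings."""
    def __init__(self, pool, lifetime):
        self.free = list(ipaddress.ip_network(pool).hosts())
        self.lifetime = lifetime          # initial mapping lifetime, seconds
        self.maps = {}                    # IPv4 -> (IPv6, expiry time)

    def expire(self, now):
        for v4, (_, exp) in list(self.maps.items()):
            if exp <= now:
                del self.maps[v4]
                self.free.append(v4)      # address goes back to the pool

    def allocate(self, v6, now):
        self.expire(now)
        if not self.free:
            return None                   # add rate outran the prefix block
        v4 = self.free.pop(0)
        self.maps[v4] = (v6, now + self.lifetime)
        return v4, self.lifetime

class Dns46:
    """Synthesizes A answers for destinations that only have an IPv6 address."""
    def __init__(self, nat64):
        self.nat64 = nat64
        self.cache = {}                   # IPv6 -> (IPv4, time to forget)

    def resolve(self, v6, now):
        v6 = ipaddress.IPv6Address(v6)
        hit = self.cache.get(v6)
        if hit and hit[1] > now:
            v4, forget = hit
            return str(v4), int(forget - now)   # TTL shrinks toward forget time
        res = self.nat64.allocate(v6, now)
        if res is None:
            self.cache.pop(v6, None)
            return None                   # a real server would answer SERVFAIL
        v4, lifetime = res
        forget = now + lifetime / 2       # forget after half the NAT64 lifetime
        self.cache[v6] = (v4, forget)
        return str(v4), int(forget - now) # A record expires before the mapping
```

With a two-address pool the third distinct destination gets no answer until an earlier mapping's full lifetime has passed, which is the scaling limit the thread points out: queries consume addresses whether or not any traffic follows.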