On 17-7-2012 8:43, Owen DeLong wrote:
On Jul 16, 2012, at 10:36 PM, Seth Mos wrote:
Hi,
On 16 Jul 2012, at 18:34, valdis.kletnieks@vt.edu wrote the following:
To highlight what the current NAT66 is useful for, it's an RFC for Network Prefix translation. It has nothing to do with obfuscation or hiding the network anymore. Its current application is multihoming for the poor.
And it's a really poor way to do multihoming.
You don't have to spend a lot of money to multihome properly.
Did you see I mentioned poor? Poor as in unwilling to pay anything more than the cost for the 2 internet connections they already have. If you are an individual this likely applies. 3G stick anyone? If you are a business, see B for Business and B for BGP. Also, I hope Mobile Internet providers will be supporting DHCP6 and DHCP6-PD for hotspots. Another place where I can see cruft being made. On that note, the world of Mobile internet providers seems to be full of assumptions about the use of the devices and connection. It can probably never be saved anymore. If there ever was a mobile network that did not respect the users'/clients' interests this would be it.
Example: You have a Cable and a DSL, they both provide IPv6 and you want to provide failover. You then use ULA or one of the Global Addresses on the LAN network, and set up NAT66 mappings for the secondary WAN, or both if you are using ULA.
I have that and I use BGP with an ARIN prefix using the Cable and DSL as layer 2 substrates for dual-stack tunnels.
So can any user just send them an email "Hey, I dual home, can I have a /48 please?". That's not even considering that I need to terminate the prefix on a BGP router somewhere that someone surely wants money for.
Works pretty well and doesn't cost much more than the NAT66 based solution.
It's in your words "doesn't cost much more" which translates to "too much", we're all cheapskates :-)
Once you go to tunnels, why not go all the way and put BGP across the tunnels?
Because by using 2 tunnels from 2 different providers you actually hope to increase redundancy, we are not talking 2 Hurricane Electric tunnels here. It's one /48 from HE.net and another /48 SixXS. I've had a bit too much the past few months where a number of the HE.net tunnelbrokers have been the target for a DDoS attack. Nothing I can blame HE.net for, but it does illustrate my point that having 2 different "upstream" (tunnel) providers works best.

Regards,
Seth
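Added example, not part of the original e-mail thread: a sketch of the stateless, checksum-neutral /48 prefix mapping used by network prefix translation, assuming the RFC referred to above is RFC 6296 (NPTv6). The ULA and the two WAN prefixes are documentation-range values chosen for illustration, and the function names are hypothetical. It shows one ULA host mapped onto a "cable" and a "DSL" prefix, with the interface identifier passing through unchanged, which is why the mapping hides nothing.

```python
import ipaddress

# Constructed sample prefixes (assumptions, not from the thread).
LAN = "fd01:203:405::/48"      # ULA used on the LAN
CABLE = "2001:db8:1::/48"      # prefix from the first WAN
DSL = "2001:db8:2::/48"        # prefix from the second WAN


def _words(value, count):
    """Return the first `count` 16-bit words of a 128-bit integer."""
    return [(value >> (112 - 16 * i)) & 0xFFFF for i in range(count)]


def _oc_add(a, b):
    """16-bit one's-complement addition with end-around carry."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)


def oc_sum(value, count=8):
    """One's-complement sum over the first `count` words of an address."""
    total = 0
    for w in _words(value, count):
        total = _oc_add(total, w)
    return total


def translate(addr, src_prefix, dst_prefix):
    """Rewrite addr from src_prefix to dst_prefix (/48 only), checksum-neutral.

    The same call handles both directions: swap the prefixes for inbound.
    """
    src = ipaddress.IPv6Network(src_prefix)
    dst = ipaddress.IPv6Network(dst_prefix)
    if src.prefixlen != 48 or dst.prefixlen != 48:
        raise ValueError("this sketch handles /48 prefixes only")
    a = ipaddress.IPv6Address(addr)
    if a not in src:
        raise ValueError(f"{a} is not inside {src}")
    value = int(a)
    # adjustment = sum(src prefix) - sum(dst prefix), one's complement
    adj = _oc_add(oc_sum(int(src.network_address), 3),
                  0xFFFF ^ oc_sum(int(dst.network_address), 3))
    subnet = _oc_add((value >> 64) & 0xFFFF, adj)
    if subnet == 0xFFFF:          # 0xFFFF is never emitted as a subnet word
        subnet = 0
    iid = value & ((1 << 64) - 1)  # interface identifier is left untouched
    return str(ipaddress.IPv6Address(
        int(dst.network_address) | (subnet << 64) | iid))


if __name__ == "__main__":
    host = "fd01:203:405:1::1234"
    for name, wan in (("cable", CABLE), ("dsl", DSL)):
        print(name, translate(host, LAN, wan))
```

Because the mapping is one-to-one and keeps no state, every LAN host stays individually addressable from outside; inbound filtering still has to come from a firewall.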