North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 -Unique local addresses)
- From: Adrian Chadd
- Date: Thu Oct 21 23:38:54 2010
On Thu, Oct 21, 2010, Leo Bicknell wrote:
> If you could number your internal network out of some IPv6 space
> (possibly 1918 style, possibly not), probably a /48, and then get
> from your two (or more) upstreams /48's of PA space you could do
> 1:1 NAT. No PAT, just pure address translation, 1:1.
> You can "renumber" by configuring a new outside translation. The
> NAT box can do the load distribution functions discussed here, some
> users out one provider, others out the second provider. There is
> no port complication, so incoming connections are much simpler.
You assume the protocol(s) don't include IP addresses inside the
You also assume the protocol(s) don't do things like checksum
application payloads, which include IP addresses.
Both of which I've seen, today. Some of which I occasionally see
inside, hm, "over-enthusiastic" HTTP procotol/application
NAT's going to be needed, but it's going to be more stateful
inspection-y than most of the vocal nanog+ipv6 people desire. :)