nslay at comcast.net
Fri Apr 24 19:00:28 UTC 2009
Steve Bertrand wrote:
> Nathan Lay wrote:
>> I started playing with IPv6 on my home network with the intent to
>> transition over. While many things work quite well, IPv6 technology in
>> general still seems to have some rough edges.
> I disagree. I believe the "rough edges" do not belong to IPv6, the
> "rough edges" are the applications that are not compatible, the network
> devices that are not compatible, and the ISPs who have the mindset that
> they will never need IPv6, and refuse to look at it.
While the IPv6 implementation is great, it doesn't seem like it can be
used for anything serious yet. If there is to be a transition to IPv6,
the applications that assist the management of an IPv6 network appear to
need improvement (like rtsol/rtadvd, faith/faithd for example).
>> To be backward compatible with IPv4, I had a look at faith and faithd
>> and while these tools are ingenious, I don't think they are good enough
>> for transitioning to IPv6. I imagine it is possible to write an
>> IPv6->IPv4 NAT daemon that uses faith to capture and restructure
>> IPv6/IPv4 packets. Though, it really seems like this is the firewall's job.
>> A pf rule like:
>> nat on $inet4_if inet to any from $lan_if:network6 -> ($inet4_if)
>> would be extremely convenient. I'm aware pf doesn't support the token
>> :network6 ... it's just a wishful example. The IPv6 mapped IPv4
>> addresses would be the standard ::ffff:0:0/96 prefix. I imagine that
>> this is very difficult to implement but I don't see why it wouldn't be
>> possible. If a firewall supported this kind of NAT, a home network
>> could easily deploy IPv6 and be backward compatible. Well, not quite, I
>> guess BIND would have to serve IPv6 mapped IPv4 addresses to IPv6 queries.
> My hope is that I never have to deal with anything where IPv6 and NAT
> are in the same sentence :)
I don't see how my suggestion is difficult to comprehend from the user's
perspective (from the programmer perspective, it seems nightmarish).
You have a dual-stack router, the objective is to share connectivity
over one or more IPv4 router addresses with IPv6 clients. Conceptually
it's the same as NAT on IPv4/6-only networks. Since there is a standard
IPv6 mapped IPv4 address prefix (::ffff:0:0/96) IPv6 clients need only
use this prefix to reach IPv4 networks. The only real issue is that a
DNS server needs to serve IPv6 mapped IPv4 addresses to IPv6 queries.
The nightmarish aspect is this probably involves more than just address
translation, IPv4 and IPv6 are apparently very different. If faith(4)
works the way I think it does, a program could be made to accomplish
similar, but it really seems like a firewall should do this (to be
consistent with what firewalls are already assumed to do).
The consequence of such a feature is that IPv6-only home networks (minus
the dual-stack router) will not only be seamlessly backward compatible
with IPv4 Internet, but it will be slightly better than choosing to use
192.168.x.y, 10.x.y.z or 172.x.y.z since it can reach IPv6 Internet
too. This would significantly help IPv6 transition and adoption.
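
The address bookkeeping behind the scheme described in this message, as an added example that is not part of the original post and is not pf, faithd or BIND code: the DNS side embeds an A record in ::ffff:0:0/96, and the router side recovers the IPv4 destination and keeps port state for replies. The names `synthesize_aaaa`, `extract_ipv4` and `NatTable` are hypothetical, the addresses are constructed from documentation ranges, and header translation between the two protocols is not modelled.

```python
import ipaddress

# Prefix named in the message; a parameter so another /96 can be tried.
MAPPED = ipaddress.IPv6Network("::ffff:0:0/96")

def synthesize_aaaa(a_record, prefix=MAPPED):
    """DNS side: embed an IPv4 A record in the low 32 bits of the /96."""
    v4 = ipaddress.IPv4Address(a_record)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))

def extract_ipv4(dst, prefix=MAPPED):
    """Router side: recover the IPv4 destination, or None for native IPv6."""
    v6 = ipaddress.IPv6Address(dst)
    if v6 not in prefix:
        return None
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)

class NatTable:
    """Toy port-mapping state for one router IPv4 address (hypothetical)."""
    def __init__(self, router_v4, first_port=49152):
        self.router_v4 = ipaddress.IPv4Address(router_v4)
        self.next_port = first_port
        self.out = {}   # (IPv6 source, source port) -> router port
        self.back = {}  # router port -> (IPv6 source, source port)

    def outbound(self, src6, sport, dst6, dport):
        dst4 = extract_ipv4(dst6)
        if dst4 is None:
            return None  # native IPv6 destination: forward untranslated
        key = (ipaddress.IPv6Address(src6), sport)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.router_v4, self.out[key], dst4, dport)

    def inbound(self, src4, sport, dport):
        """Reply from IPv4: accepted only if the port has existing state."""
        key = self.back.get(dport)
        if key is None:
            return None  # unsolicited traffic is dropped
        return (synthesize_aaaa(src4), sport, key[0], key[1])
```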
More information about the freebsd-net