I've been reading some articles about IPv6 and I'm currently playing with some addresses on a VPS.
Recently I was thinking about a typical home/office IPv4 network. We're used to having a local DHCP server running, giving private (RFC1918) IPs to our machines, and then using NAT to translate the traffic between a public ISP-provided IP and our internal network.
I do understand that NAT translation was just a measure to deal with the end of IPv4, and since we have a lot of IPv6 addressing space available we can just give every computer in the world a unique IPv6 and not worry about it; network security will still be addressed by firewalls in a not block-all NAT fashion.
However... If every host has a public IPv6 what happens to my network if the ISP dies / changes / external network is down for some reason? How can I ensure local communication? How can I avoid having to reconfigure a lot of software in case of ISP change (since the IPv6 prefix will change)?
What would be the correct way to address those concerns? Can I internally make sure a machine always has the same IP? Even if that IP is public? I've heard about a private IP space in IPv6; does that work in the same way as IPv4 or does it "append" to my ISP prefix? How do machines get their IPs after all? Should they configure them as static?
Thank you.
You have a lot of options here.
One of the assumptions baked into IPv6 is that everything is probably going to have several IP addresses. At the outset you have the link-local addresses (the fe80:: addresses), as well as whatever address you're assigned. That's two. The documentation makes clear that there are cases where an interface will have a link-local, a unique-local-address (somewhere in fc00::/7), and one or more global addresses.
In cases like this, you have a ULA that you've configured your own assets to use and that will never change when the ISP changes. Internal accesses won't be affected by that, since you manage that address space. If you have to change ISP and didn't have a subnet allocation to call your own, the major problems will be managing the publicly accessible addresses... a problem we currently have with IPv4.
But go back to that 'multiple address' thing again. IPv6 assumes you'll have multiple. If you're doing an ISP change, get both in for a while and distribute both address ranges. Your public assets will have both addresses for a while, which should allow DNS caches internet-wide time to purge the entries and use the new.
That's the theory, anyway. How individual network-stacks deal with multiple addresses on different network segments on the same interface without VLANs... that's up to the OS.
In summary:
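An added example (not part of the original answer, and not code from any project): generating an RFC 4193-style ULA /48 and sorting one interface's addresses into the link-local, unique-local and global scopes the answer describes, to show which ones survive an ISP change. The function names and sample addresses are assumptions constructed for illustration; the global addresses use the 2001:db8::/32 documentation range, and the Global ID comes from the OS CSPRNG rather than the hash-based generator RFC 4193 suggests.

```python
import ipaddress
import secrets

ULA = ipaddress.ip_network("fc00::/7")
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

def make_ula_site_prefix(global_id=None):
    """Return a /48 ULA prefix: byte 0xfd (fc00::/7 with the 'locally
    assigned' bit set) followed by a 40-bit Global ID."""
    if global_id is None:
        global_id = secrets.token_bytes(5)  # assumption: CSPRNG, not the RFC's hash method
    if len(global_id) != 5:
        raise ValueError("Global ID must be exactly 40 bits (5 bytes)")
    packed = b"\xfd" + global_id + bytes(10)
    return ipaddress.IPv6Network((int.from_bytes(packed, "big"), 48))

def subnet_for(site, subnet_id):
    """Return the /64 for a 16-bit subnet ID inside the site's /48."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet ID must fit in 16 bits")
    return ipaddress.IPv6Network((int(site.network_address) | (subnet_id << 64), 64))

def classify(addr):
    """Scope of an address written as 'addr', 'addr/len' or 'addr%zone'."""
    ip = ipaddress.IPv6Address(addr.split("/")[0].split("%")[0])
    if ip in LINK_LOCAL:
        return "link-local"
    if ip in ULA:
        return "unique-local"
    if ip in GLOBAL_UNICAST:
        return "global"
    return "other"

def survives_isp_change(addrs):
    """Addresses that do not depend on the ISP-delegated prefix."""
    return [a for a in addrs if classify(a) in ("link-local", "unique-local")]

# Constructed sample: one interface during an ISP migration, carrying the
# old and the new provider prefix alongside its ULA and link-local address.
SAMPLE_IFACE = [
    "fe80::1c2d:3eff:fe4f:5a6b%eth0",
    "fd12:3456:789a:1::10/64",
    "2001:db8:aaaa:1::10/64",   # old ISP prefix (documentation range)
    "2001:db8:bbbb:1::10/64",   # new ISP prefix (documentation range)
]

if __name__ == "__main__":
    site = make_ula_site_prefix()
    print("site prefix:", site, "first LAN:", subnet_for(site, 1))
    for a in SAMPLE_IFACE:
        print(f"{classify(a):13} {a}")
```

Internal services and host firewall rules keyed to the unique-local prefix keep working across a renumbering; only rules and DNS records that reference the global prefixes need to change.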