[TriLUG] IPv6 workshop

Greg Cox glcox at pobox.com
Mon Apr 18 19:18:29 EDT 2011


On Sun, 17 Apr 2011, Alan Porter wrote:

>> If there's the IP equivalent of Local Number Portability, lemme know.
> I think the answer to your question is "DNS".

Buh?  Last I checked, DNS names can't be popped into your resolv.conf
(or other OS equivalent).  They can't be put into the config of a
device for "what IP am I?"  And, there's layer-7 items where IP needs
to be declared instead of name (some backend networks that don't
span out; some NAS configs, for security).

DNS and DHCP can't solve everything, and I doubt most people have a
fully-realized Puppet or cfengine SkyNet taking care of everything.
Swapping ISPs just got a lot more touches: instead of focusing on the
DMZ and border in a move, you have to touch a whole lab/site/office.

I'm sure for homogenous or tiny home networks this isn't an issue, having 3
or 4 devices to touch (most of which are dhcp'ed), oh noes!  I have about
30, between VMs, physical devices, and configs dependent upon them, which
I could do by hand, but it's getting annoying; at $WORK, with a lab of
immense size, running tons of gear as a server instead of a dynamic client,
it'd be herculean.

> The same is currently true for my IPv4 numbers that Linode dished out to
> me.  If they go belly-up, or I choose another hosting provider, I get
> new IPv4 addresses.

It's apples and oranges.  Because Linode gives you a public IP, if they
die, you must move.  No question there.  But that's because you're public,
not already in a NAT'ed bubble.  Now, let's assume I have a private island
in that provider.  Call it Xen guests inceptionized inside a Linode, call
it a small NAT'ed office, call it a large lab at $WORK that doesn't want
to be tied to IT deciding they can save $5 by changing providers.  A 1:1
public-to-private NAT lets a bubble survive unaltered.

I'm fine with the idea that if you want to be public, and change ISPs,
that you have to touch that box.  I'm just saying, if I keep much of a
site private and just want things to go out to the world for web browsing
and updates once in a while, I'd like that to work, too, without being
on the hook for changing anything south of the router.  I'm ok if you
have trouble getting Skype to work with a remote PDU or storage array.

> If you're looking for private addresses, take a look at the "Unique
> Local Address" space in fc00::/7.
> These addresses are for exactly what you're looking for... private
> addresses that are NAT'ed behind a router.

Already found the addresses.  What I'm looking for is the cross-router
NAT/masquerade piece so (v4 and v6) internal can speak v4 external.  v6
external is of zero interest now, but transitioning to (v4 or v6)-to-6
public-to-private later by dual homing might be.



