Hosting provider allocation advice

Benny Amorsen benny+usenet at amorsen.dk
Fri Oct 16 12:15:41 CEST 2009


<michael.dillon at bt.com> writes:

> Rather than add IPv6 to existing services or convert each existing
> service to an IPv6 version, I would rethink it from the ground up.

This is actually one of the few large problems with dual-stack: With
IPv4 you're often forced to put a lot of hosts into one subnet, because
the waste of 3 addresses per subnet potentially quadruples your IP
address requirements. To make that work you use switch-based firewalls
which make sure that the hosts on each port can only use the assigned IP
addresses and only access other ports according to the security policy.
With IPv4 DHCP you can even dynamically assign static addresses based on
switchport number.

This model is completely unnecessary in IPv6, and it is probably
difficult to get the fancy switch-based firewalls to work for IPv6
anyway. Even if you succeed, you still have to do all the static
allocation and address management for IPv6, because automatic addressing
(or just letting the customer handle it, within their subnet) just
doesn't work in this model.

The obvious way to do this in IPv6 is to route in the firewall instead
of switching. However, I haven't seen any device other than a modern
Unix box which can choose switching or routing based on whether a packet
is v4 or v6...

In summary, shared hosting centers now need to run a cable for IPv4 and
a cable for IPv6, and double the number of ports in their
switches/routers.


/Benny



More information about the ipv6-ops mailing list