Operational challenges of no NAT
jay at west.net
Thu Oct 28 08:46:55 CEST 2010
On 10/27/10 11:31 PM, George Bonser wrote:
> Now I must get each one of these servers individually white listed and
> if an IP changes, that must be changed at the other end too. And it can
> sometimes take weeks to get things white listed depending on who it is
> with. I have people who balk at white listing a /25 as being too wide a
> range. What are they going to think about a v6 /64? This also prevents
> any use of autoconfiguration if each address must be separately white
> listed. Most of these accesses are stuff that the regular internet has
> access to but we are allowed a greater number of accesses without being
> throttled or there might be considerable configuration involved where a
> certain function in one direction has a "call back" IP that is
> different. So each IP that we might connect into them with must be
> mapped to some other IP on our side for transactions from them that
> might happen later.
The problem seems not to be with IPv6 or the size of the subnet but some
rather bizarre rules under which someone else operates and your need
and/or willingness to jump through flaming hoops to please them.

A /64 is a single subnet. It could be one host, thousands, even
billions although LAN/broadcast issues are such that more than a few
hundred are not usually going to be practical.

If your peer is willing to accept traffic from you and whitelist your
subnet, then your peer is willing to do so. If not, not.

As far as a different "call-back" IP, that IP can be conveyed within the
payload (as in SIP) or hard-coded in some manner, the same as it can be
done in IPv4.
> Yes, I understand that this process is going to take some sorting out on
> both sides of the transaction but my question is if anyone else has run
> into this sort of problem and how did you crack that nut?
It sounds as if reasonableness and understanding on the part of the
other party are what would be needed to solve this issue. If the other
party isn't reasonable or clueful, perhaps you should be talking to one
of their competitors.

Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
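
Added example, not part of the original message or written by either poster: a Python sketch of the allowlisting question in this thread, comparing a per-address allowlist with a single /64 entry when a server's autoconfigured address changes. The 2001:db8::/32 and 192.0.2.0/24 documentation prefixes, the MAC addresses, the function names, and the use of modified EUI-64 interface identifiers for autoconfiguration are all assumptions made for illustration.

```python
import ipaddress

def eui64_address(prefix, mac):
    """Autoconfigured address from a /64 prefix and a MAC (modified EUI-64, RFC 4291)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface identifiers need a /64 prefix")
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("MAC address must be 6 bytes")
    # Flip the universal/local bit and insert ff:fe in the middle of the MAC.
    iid = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))

def is_allowed(source, allowlist):
    """True if source falls inside any entry; an entry is a host address or a prefix."""
    addr = ipaddress.ip_address(source)
    for entry in allowlist:
        net = ipaddress.ip_network(entry, strict=True)  # bare address -> /128 or /32
        if addr.version == net.version and addr in net:
            return True
    return False

def demo():
    """Constructed scenario: one server in one /64 gets a replacement NIC."""
    subnet = "2001:db8:0:1::/64"                         # constructed sample prefix
    old = eui64_address(subnet, "00:16:3e:11:22:33")    # constructed MAC, original NIC
    new = eui64_address(subnet, "00:16:3e:44:55:66")    # constructed MAC, replacement NIC
    per_host = [str(old)]    # peer allowlisted the single address
    per_subnet = [subnet]    # peer allowlisted the whole subnet
    return {
        "old_addr": str(old),
        "new_addr": str(new),
        "new_passes_per_host": is_allowed(str(new), per_host),
        "new_passes_per_subnet": is_allowed(str(new), per_subnet),
        "other_subnet_passes": is_allowed("2001:db8:0:2::1", per_subnet),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The same `is_allowed` check handles an IPv4 entry such as a /25, so one allowlist can carry both address families.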