
Re: Enhanced SIIT



On 19/10/2007, at 11:53 AM, Stephen Sprunk wrote:

That's not stateless translation. There _are_ stateful NAPT boxes that can do failover because they share state, and that technology could be applied to a stateful variant of SIIT if desired.

I'll just close my un-sent email, then.

For sake of clarity, I'll note that my interpretation of NAPT is Network Address and Port Translation, not " " Protocol ".


I don't think updating IPv4 hosts is feasible at this point - the reason I'm not putting AAAA records in parallel with my A records for my web content is that NAPTing non-RFC1918 IPv4 breaks 6to4 for 1-2% of my users.
About 4% of my users are versions of Windows without IPv6 capability.

I'm told that IE7.0 is being pushed out to Windows XP machines automatically now, yet 54% of Windows machines that hit my are running IE6.0.

What both these things tell me is that even if vendors did make this available, a large number of people aren't going to run the updates to get the code.

While this solution may be the cleanest on paper, we're at the point where we need to be deploying practical, realistically achievable solutions for these problems, instead of introducing complexity into legacy parts of the network. My view is that the path of least resistance is to create an extension for IPv6 to do this, as opposed to an extension to IPv4.

The approach of using some kind of proxy was proposed, and that's my preferred solution at this stage if some kind of IPv6 host to IPv4 host scheme is deemed needed - the drawback is that it doesn't allow IPv4 hosts to establish new connections to IPv6 hosts, only IPv6 -> IPv4. While it's my preferred solution, I'm still on the fence as to whether it's worth doing. As an aside, this might be easier if TCP and UDP ports for most applications didn't have default values..

My solution to one day not having IPv4 addresses to assign to end users (home broadband/dial users) right now, is to run dual-stack, where the v4 part of the stack is NAPTed. It's not ideal, as users are going to be double NAPTed if they have their own unit doing it at home, but it won't prevent them from getting to regular content providers which is the first requirement from my POV. As I've noted recently, P2P clients are now becoming IPv6 aware so from an end user's POV, that stuff is still likely to work for them for the most part. Realistically, so few of those people are going to be running SIP, and even fewer are going to be running SIP UAs not provided by their service provider, that I'm really not concerned about that. Depending on people's businesses, they can look at offering enhanced plans with a 'real' IPv4 address, or maybe it's stuck on freely for customers who call helpdesk with problems with certain applications - sticking my finger in the air tells me that the majority simply won't care.

Bleak? Maybe. I really don't see a realistic alternative (save for slight modifications of the above) to get us through the next 5 (or so) years.

--
Nathan Ward