I’ve been doing a lot of research into IPv6 deployment scenarios as more and more of my service provider customers begin looking for solutions. The main problem that needs immediate attention is the lack of IPv4 address space left for service providers to use for turning up new customers.
Let’s start off with the basics. First, you’ll need to request an IPv6 block from ARIN (in North America). You’ll then need to identify if your current upstream provider will do IPv6 MP-eBGP peering with you. This is key. If they won’t, find one that will.
Now that you have an address block and it’s advertised out to the IPv6 Internet, you have to create a migration strategy. Unfortunately, this is where it gets tricky. You can’t just move all of your customers to IPv6 and be done. There are two main reasons for this:
- Not all websites (or other services) your users will access have an IPv6 equivalent.
- Not all of your users have devices (routers, PCs, etc.) that support IPv6.
This leaves you with supporting both IPv6 and IPv4 services for the foreseeable future as your only option. Let’s tackle the first problem. You will have to continue with your IPv4 peering and add in IPv6 peering to your upstream providers. This will give you access to the IPv6 Internet and allow access into your network via IPv6. At this point, if you had a dual-stack client running both IPv4 and IPv6, you could theoretically get to all of the IPv6 AND IPv4 sites on the Internet.
What about the clients that don’t have an IPv6 stack? Hmm, out of luck on the v6 sites. This also doesn’t conserve any v4 addresses, as all of your customers would need a v6 and a v4 address. This brings us to problem two. You have a few options: some are bad, some are tolerable … none are all that good.
- Run dual-stack v6 and v4 and use RFC1918 private addresses + NAT for v4
- Give all customers only a v6 address and use NAT-PT or NAT64/DNS64 (preferred) to translate for access to v4 sites
  - Customer devices that don’t support v6 will need to be upgraded.
  - Suffers from some of the same issues v4 NAT has
As I write this, the preferred solution is to run IPv6 only and use NAT64/DNS64 to provide access to IPv4 sites with a client running only a v6 stack. Old customers can continue to run IPv4 if needed, but should be encouraged to migrate to IPv6. New customers should be turned up as IPv6. I’ve included a simple diagram to demonstrate.
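To make the NAT64/DNS64 option concrete, here is an added example (not from the original post) of the address mapping a DNS64 resolver and NAT64 gateway share, following RFC 6052. The function names are hypothetical, the sample addresses are constructed from documentation ranges, and the private-address check covers only RFC 1918 ranges rather than every non-global range the RFC excludes.

```python
import ipaddress

WKP = ipaddress.IPv6Network("64:ff9b::/96")  # RFC 6052 well-known prefix
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def embed(v4, prefix=WKP):
    """Map an IPv4 address into a NAT64 prefix (RFC 6052 section 2.2)."""
    v4 = ipaddress.IPv4Address(v4)
    prefix = ipaddress.IPv6Network(prefix)
    if prefix.prefixlen not in (32, 40, 48, 56, 64, 96):
        raise ValueError("prefix length must be 32, 40, 48, 56, 64 or 96")
    buf = bytearray(prefix.network_address.packed)
    if buf[8] != 0:
        raise ValueError("bits 64-71 of the prefix must be zero")
    # The well-known prefix must not carry private IPv4 space; a
    # network-specific prefix is needed for internal v4-only hosts.
    if prefix == WKP and any(v4 in n for n in RFC1918):
        raise ValueError("private IPv4 must not be mapped into 64:ff9b::/96")
    pos = prefix.prefixlen // 8
    for octet in v4.packed:
        if pos == 8:          # octet 8 is reserved and stays zero
            pos += 1
        buf[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(buf))

def extract(v6, prefix=WKP):
    """Recover the IPv4 destination a NAT64 gateway would translate to."""
    v6 = ipaddress.IPv6Address(v6)
    prefix = ipaddress.IPv6Network(prefix)
    if v6 not in prefix:
        raise ValueError("address is not inside the NAT64 prefix")
    raw, pos, out = v6.packed, prefix.prefixlen // 8, bytearray()
    while len(out) < 4:
        if pos == 8:          # skip the reserved octet when reading back
            pos += 1
        out.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(out))

def dns64_answer(aaaa, a, prefix=WKP):
    """DNS64 rule: pass real AAAA records through, synthesize only if none."""
    return [ipaddress.IPv6Address(x) for x in aaaa] or [embed(x, prefix) for x in a]

if __name__ == "__main__":
    # Constructed sample data using documentation addresses.
    print(dns64_answer([], ["192.0.2.33"]))               # v4-only site
    print(dns64_answer(["2001:db8::1"], ["192.0.2.33"]))  # dual-stack site
```

The resolver and the gateway must be configured with the same prefix, otherwise the synthesized AAAA records point at addresses the NAT64 box will not translate.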