[olug] I seem to have an Omaha Cox Residential IPV6 address

Lou Duchez lou at paprikash.com
Mon Mar 21 08:42:46 CDT 2016

IPv6 Prefix Translation! I think that's what I'm looking for.  Wikipedia 
says it's still an experimental specification, though, so I'm not sure 
we can count on it yet -- but I'm glad The Smart People Who Take Care Of 
This Stuff are at least aware of the issue.

> Lou Duchez <lou at paprikash.com> writes:
>> Also a n00b; I was looking into IPv6 the other to not get caught out in the cold
>> when it finally descends on us.
>>  From what I could tell, of that 128 bit address, the first half (roughly) would
>> be permanently assigned to you by your ISP, with no practical risk of them
>> running out of IP addresses.  The second half would be the part that would come
>> from a DHCP pool, and if it's a well-managed pool, it would re-issue the same
>> addresses to the same devices unless a conflict arose ... and in IPv6 that
>> shouldn't happen.  So in theory, IPv6 addresses issued by DHCP should be
>> functionally permanent, unless something happens to the DHCP server and it gets
>> amnesia.
> A couple months to a year is what I was seeing when I was looking.
> People keep reorganizing their networks.
>> I still think it's a bad idea that IPv6 doesn't support NAT, though.  It's good
>> that IPv6 isn't built to require NAT -- VoIP is a case where NAT causes endless
>> problems -- but NAT is darn handy a lot of the time too.  When I'm configuring
>> my internal network (servers, printers, etc) it's good to keep that independent
>> of the carrier I'm using.  And I don't have statistics on it, but I would bet
>> one of the leading reasons malware hasn't fried every (non-Linux) computer out
>> there is the inherent firewall that you get with NAT.  It's not a complete
>> firewall of course, and in some quarters you'd be flayed alive for saying that
>> NAT does any firewalling whatsoever; but if there's a thing between my computer
>> and the Internet that keeps unsolicited traffic from getting at my computer, I'm
>> going to call it a firewall.
> With respect to NAT.
> A) Devices may have multiple IPv6 addresses so that you can have two
>     upstreams giving you two different prefixes (residential should be a
>     /48 or a /56) and your devices can work with either of them
>     simultaneously.
> B) Additionally there are unique local addresses which are roughly the
>     equivalent of private IPv4 addresses.  Anyone can use a random number
>     generator to get a /48 prefix that is almost guaranteed that no one
>     else will use.  These addresses are good for your internal machines.
> C) There is also IPv6 Prefix Translation that as it passes through your
>     router converts your internal IPv6 prefix to the prefix your upstream
>     has provisioned you with IPv6.  This is ideal for the dual upstream
>     scenario.  On a good day IPv6 prefix translation is clever and
>     performs an ip checksum agnostic translation so that only the IPv6
>     prefix needs to be changed.  So your router does not need to crack
>     anything beyond the IPv6 header.
> Port translation as is common in IPv4 NATs is truly nasty, and can be
> said to be what keeps us from having nice things.  The change in port
> number as you go through a machine that performs NAT translation keeps
> many protocols like SIP (AKA telephone calls) from working on public
> internet.  There are techniques that get through NAT but there
> effectiveness through port translation is only perhaps 80% so today you
> need a server in the middle introducing latency and bandwidth issues,
> when you have a voice or video conversation.
> At the same time simply having a firewall that implements the same
> policy as IPv4 NAT open on outgoing traffic can be communciated through
> 100% reliably for end-to-end protocols with an introduction server.
> Eric
> p.s. Centurylink aslo has a native IPv6 path.

More information about the OLUG mailing list