From: Nathan Lay
To: Steve Bertrand
Cc: freebsd-net@freebsd.org
Date: Fri, 24 Apr 2009 14:59:20 -0400
Subject: Re: IPv6 Ideas
Message-ID: <49F20C08.8070006@comcast.net>
In-Reply-To: <49F1C53F.5040202@ibctech.ca>

Steve Bertrand wrote:
> Nathan Lay wrote:
>
>> I started playing with IPv6 on my home network with the intent to
>> transition over. While many things work quite well, IPv6 technology in
>> general still seems to have some rough edges.
>>
>
> I disagree. I believe the "rough edges" do not belong to IPv6, the
> "rough edges" are the applications that are not compatible, the network
> devices that are not compatible, and the ISPs who have the mindset that
> they will never need IPv6, and refuse to look at it.
>

While the IPv6 implementation is great, it doesn't seem like it can be
used for anything serious yet. If there is to be a transition to IPv6,
the applications that assist the management of an IPv6 network appear
to need improvement (like rtsol/rtadvd, faith/faithd for example).

>> To be backward compatible with IPv4, I had a look at faith and faithd
>> and while these tools are ingenious, I don't think they are good enough
>> for transitioning to IPv6. I imagine it is possible to write an
>> IPv6->IPv4 NAT daemon that uses faith to capture and restructure
>> IPv6/IPv4 packets. Though, it really seems like this is the firewall's
>> job.
>>
>> A pf rule like:
>>
>> nat on $inet4_if inet to any from $lan_if:network6 -> ($inet4_if)
>>
>> would be extremely convenient. I'm aware pf doesn't support the token
>> :network6 ... it's just a wishful example. The IPv6 mapped IPv4
>> addresses would be the standard ::ffff:0:0/96 prefix. I imagine that
>> this is very difficult to implement but I don't see why it wouldn't be
>> possible. If a firewall supported this kind of NAT, a home network
>> could easily deploy IPv6 and be backward compatible. Well, not quite, I
>> guess BIND would have to serve IPv6 mapped IPv4 addresses to IPv6
>> queries.
>>
>
> My hope is that I never have to deal with anything where IPv6 and NAT
> are in the same sentence :)
>

I don't see how my suggestion is difficult to comprehend from the user's
perspective (from the programmer's perspective, it seems nightmarish).
You have a dual-stack router; the objective is to share connectivity
over one or more IPv4 router addresses with IPv6 clients. Conceptually
it's the same as NAT on IPv4/6-only networks.

Since there is a standard IPv6 mapped IPv4 address prefix
(::ffff:0:0/96), IPv6 clients need only use this prefix to reach IPv4
networks. The only real issue is that a DNS server needs to serve IPv6
mapped IPv4 addresses to IPv6 queries. The nightmarish aspect is that
this probably involves more than just address translation; IPv4 and IPv6
are apparently very different. If faith(4) works the way I think it
does, a program could be made to accomplish similar, but it really seems
like a firewall should do this (to be consistent with what firewalls are
already assumed to do).

The consequence of such a feature is that IPv6-only home networks (minus
the dual-stack router) will not only be seamlessly backward compatible
with the IPv4 Internet, but it will be slightly better than choosing to
use 192.168.x.y, 10.x.y.z or 172.x.y.z since it can reach the IPv6
Internet too. This would significantly help IPv6 transition and
adoption.

Best Regards,
Nathan Lay
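The three pieces the message sketches (embedding IPv4 addresses in the ::ffff:0:0/96 prefix, a DNS server answering AAAA queries with mapped addresses for IPv4-only names, and a stateful translator standing in for the wished-for pf rule), as an added Python example that is not part of the original post and not FreeBSD, pf or BIND code. The zone data, the LAN prefix 2001:db8:1::/64, the router address 203.0.113.1 and the Translator class are constructed assumptions; only address and port rewriting is modelled, not the header, ICMP and fragmentation translation the message calls nightmarish.

```python
import ipaddress

# IPv4-mapped IPv6 prefix (::ffff:0:0/96) that the message proposes IPv6-only
# clients use to name IPv4 hosts.
MAPPED_PREFIX = ipaddress.IPv6Network("::ffff:0:0/96")


def map_v4_to_v6(addr4):
    """Embed an IPv4 address in ::ffff:0:0/96 (the IPv6-only client's view of an IPv4 host)."""
    v4 = ipaddress.IPv4Address(addr4)
    return ipaddress.IPv6Address(int(MAPPED_PREFIX.network_address) | int(v4))


def unmap_v6_to_v4(addr6):
    """Recover the IPv4 address from a mapped address; None if addr6 is not in the prefix."""
    v6 = ipaddress.IPv6Address(addr6)
    if v6 not in MAPPED_PREFIX:
        return None
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


def synthesize_aaaa(zone, name):
    """Answer an AAAA query the way the message says the DNS server would have to:
    real AAAA records are returned unchanged; names that only have A records get
    mapped answers. `zone` is a constructed {name: {"A": [...], "AAAA": [...]}}
    dict (an assumption), not BIND zone data."""
    rr = zone.get(name, {})
    if rr.get("AAAA"):
        return [ipaddress.IPv6Address(a) for a in rr["AAAA"]]
    return [map_v4_to_v6(a) for a in rr.get("A", [])]


class Translator:
    """Toy stateful translator (constructed) for the hypothetical rule
    'nat on $inet4_if inet to any from $lan_if:network6 -> ($inet4_if)'."""

    def __init__(self, lan6, wan4, first_port=40000):
        self.lan6 = ipaddress.IPv6Network(lan6)   # $lan_if:network6
        self.wan4 = ipaddress.IPv4Address(wan4)   # ($inet4_if) address
        self.next_port = first_port
        self.table = {}    # (src6, sport, dst4, dport) -> translated source port
        self.reverse = {}  # (translated port, dst4, dport) -> (src6, sport)

    def outbound(self, src6, sport, dst6, dport):
        """LAN IPv6 flow -> (src4, sport, dst4, dport); None if the rule does not match."""
        src = ipaddress.IPv6Address(src6)
        dst4 = unmap_v6_to_v4(dst6)
        if src not in self.lan6 or dst4 is None:
            return None  # not our LAN, or a native IPv6 destination: no translation
        key = (src, sport, dst4, dport)
        if key not in self.table:
            port = self.next_port
            self.next_port += 1
            self.table[key] = port
            self.reverse[(port, dst4, dport)] = (src, sport)
        return (self.wan4, self.table[key], dst4, dport)

    def inbound(self, src4, sport, nat_port):
        """Reply from the IPv4 side -> (src6, sport, dst6, dport); None if unsolicited."""
        entry = self.reverse.get((nat_port, ipaddress.IPv4Address(src4), sport))
        if entry is None:
            return None  # no state for this flow: an unsolicited packet is dropped
        lan_host, lan_port = entry
        return (map_v4_to_v6(src4), sport, lan_host, lan_port)


if __name__ == "__main__":
    # Constructed sample data using documentation prefixes (RFC 5737 / RFC 3849).
    zone = {"v4only.example": {"A": ["192.0.2.10"]},
            "dual.example": {"A": ["192.0.2.20"], "AAAA": ["2001:db8::20"]}}
    print("AAAA v4only.example ->", [str(a) for a in synthesize_aaaa(zone, "v4only.example")])
    nat = Translator("2001:db8:1::/64", "203.0.113.1")
    out = nat.outbound("2001:db8:1::5", 51000, synthesize_aaaa(zone, "v4only.example")[0], 80)
    print("outbound ->", [str(x) for x in out])
    print("reply    ->", [str(x) for x in nat.inbound("192.0.2.10", 80, out[1])])
```

The dual-stack name keeps its native AAAA answer, so only IPv4-only destinations are steered through the translator, and a reply with no matching state entry is refused rather than forwarded into the LAN, which is the behaviour a firewall-integrated NAT would be expected to keep.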