Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)

From: Stephen Sprunk (no email)
Date: Tue Oct 02 2007 - 13:20:05 EDT

  • Next message: Stephen Sprunk: "Re: Creating demand for IPv6"

    Thus spake Duane Waddle
    > On 10/2/07, Stephen Sprunk <> wrote:
    >> If you think anyone will be deploying v6 without a stateful firewall,
    >> you're delusional. That battle is long over. The best we can hope
    >> for is that those personal firewalls won't do NAT as well.
    >
    > Vendor C claims to support v6 (without NAT) in their "enterprise
    > class" stateful firewall appliance as of OS version 7.2 (or
    > thereabouts, perhaps 7.0). I've not tried it out yet to see how
    > well it works.

    Good for them. Perhaps one day their Division L will wake up and do the same
    for consumer products.

    > But, as far as the home/home office goes -- will my cable/dsl
    > provider be able (willing?) to route a small v6 prefix to my home
    > so that I can use a bitty-box stateful v6 firewall without NAT?
    > What will be the cost to me, the home subscriber, to get said
    > routable prefix? I am sure it increases the operator's expense
    > to route a prefix to most (if not every) broadband subscriber in
    > an area.

    Pricing is, of course, up to the vendors and operators in question.

    One possibility is that your CPE box would do a DHCP PD request for a /64
    upstream, the /64 would come out of a pool for your POP. As the response
    came back downstream from whatever box managed the pool, routers would
    install the /64 in their tables to make it reachable. It wouldn't need to
    propagate any higher than the POP since the POP's routers would be
    advertising a constant aggregate for the pool into the core.

    Another possibility is that the operator would assign a /48 (or /56) to your
    cable/DSL modem, which would handle the above functions at the home level
    instead of the POP level. It would provide a /64 natively on its own
    interface, and delegate /64s to downstream devices on request. If
    customer-owned CPE boxes did the same thing, you could chain hundreds of
    them together and have a network that Just Worked(tm).

    > In the beginning, cable operators were reluctant to support home
    > customers using NAT routers to share their access.

    Of course -- they were used to charging per television. However, they
    learned over time that they really wanted to charge for usage and the
    per-computer model didn't work like the per-television model did. Now they
    don't care about how many computers you have, just how many bits you move.
    That's a good thing.

    > Now, renting/selling NAT routers to customers has become a
    > revenue stream for some.

    I bet they break even at best on the rentals, given how often the darn
    things die. One shipment and/or truck roll eliminates a year's profit
    margin on the equipment, even if the replacement box itself is free.

    > How does lack of v6 NAT affect all of this?

    It prevents them from being characteristically stupid. However, I wouldn't
    be surprised if one or more of them demanded it from their vendors, though,
    or if their vendors caved to win a deal.

    S

    Stephen Sprunk
    CCIE #3723
    K5SSS

    "God does not play dice." --Albert Einstein
    "God is an inveterate gambler, and He throws the dice at every
    possible opportunity." --Stephen Hawking
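
An added illustration, not part of the original message: a Python model of the second possibility above, where the modem holds the operator-assigned prefix, keeps one /64 for its own interface, and chained boxes relay requests for /64s upstream. The `Delegator` class, the box names and the 2001:db8::/48 documentation prefix are assumptions; the model covers allocation and route installation only, not DHCPv6 messages.

```python
import ipaddress

class Delegator:
    """Toy model of a box that hands out /64s; not a DHCPv6 implementation."""

    def __init__(self, name, pool=None, upstream=None):
        self.name, self.upstream = name, upstream
        # Only the box holding the operator-assigned prefix has a pool.
        self.aggregate = ipaddress.IPv6Network(pool) if pool else None
        self.free = self.aggregate.subnets(new_prefix=64) if pool else None
        self.leases = {}  # client name -> delegated /64 (repeat requests are stable)
        self.routes = {}  # delegated /64 -> directly attached next hop
        self.lan = self.request(name, via=None)  # /64 for its own interface

    def request(self, client, via):
        """Return a /64 for client, relaying upstream when we hold no pool."""
        if client not in self.leases:
            if self.free is not None:
                prefix = next(self.free, None)
                if prefix is None:
                    raise RuntimeError(f"{self.name}: {self.aggregate} exhausted")
            else:
                prefix = self.upstream.request(client, via=self.name)
            self.leases[client] = prefix
            if via is not None:  # own LAN is connected, not routed
                self.routes[prefix] = via
        return self.leases[client]

def build_chain(pool, names):
    """First name owns the pool; each later box hangs off the previous one."""
    boxes = [Delegator(names[0], pool=pool)]
    for name in names[1:]:
        boxes.append(Delegator(name, upstream=boxes[-1]))
    return boxes

if __name__ == "__main__":
    # Constructed input: documentation prefix 2001:db8::/48, three chained boxes.
    for box in build_chain("2001:db8::/48", ["modem", "cpe-a", "cpe-b"]):
        print(box.name, box.lan, {str(p): nh for p, nh in box.routes.items()})
```

Every delegated /64 stays inside the modem's aggregate, so the upstream route and any stateful firewall policy keyed on the customer prefix cover the whole chain without NAT.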

