The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Discussion - IPv4 vs. IPv6 vs. NAT

    Discussion in 'Networking and Wireless' started by merlin_72032, Oct 4, 2010.

  1. merlin_72032

    merlin_72032 Notebook Evangelist

    What is the i2 backbone? How come my network never has any problems with DNS translation delay? I am using IPv4 exclusively, and we host our own DNS. We never experience the problem that you describe.
     
  2. H.A.L. 9000

    H.A.L. 9000 Occam's Chainsaw

    i2 is an educational-use fiber backbone network, usually deployed to large universities. They have transitioned to IPv6. The delay occurs when you send a DNS request from an IPv6 address, then it goes to the IPv6 DNS translation server, from there it goes most of the time to an IPv4 DNS server, then to the end point. Now follow that route back and forth a few times and latency is pretty evident, even with the high line speed taken into context.
     
  3. merlin_72032

    merlin_72032 Notebook Evangelist

    Practically it is the Cisco campus network model then? Who is moving to IPv6? Most of the world is running IPv4. If you have IPv4 DNS, and your network has IPv6 DNS, I don't think I would have to be concerned because your DNS is doing the translation, not my DNS. The latency is not the problem as long as I have my route configured properly. When you do a DNS query, why would you have to route the packet back and forth a few times?

    My network is the same as you describe, and I never have any lag on the network. Yes, my network has at least 4000 users. Would you like to explain more? Because I disagree with your answer.

    I know DoD is moving to IPv6, but the project has been abandoned according to a conference that I was in. Most of the schools still use public IP addresses on their campus network. That's why they run out of IP space. I don't want to name the school on a public webboard. Just use NAT, people. IPv6 is good in concept, but it is unproven, and most router providers such as Cisco or Juniper haven't had full-blown support for the IPv6 scheme yet. Some bugs are still there. At least you can't use IPv6 on a network printer.

    If you deploy IPv6 on a campus network, you still have to use IPv4 and translate to IPv6 on your router. I don't see why people would do that unless you don't have an IPv4 public address.

    Do you agree?
     
  4. H.A.L. 9000

    H.A.L. 9000 Occam's Chainsaw

    No. I don't agree. IPv6 has been around as a standard since the late 90's and the root internet DNS servers will support it pretty soon. Also, Cisco's enterprise grade network equipment has been fully IPv6 compliant for quite a while now. IOS updates provided that functionality. As for address translation... if the university's network is an IPv6 network, there's no need for local translations to take place. Vista, 7, and OS 10.4+ support IPv6 networking, along with most every consumer based wireless router. With that in mind, most of your address translation will occur at the network's IPv6 to IPv4 translation server. Once the root name servers are compliant, then there will be no need for translation at all. The move to IPv6 WILL happen, it just takes time. NAT is a stopgap, also deployed for security sometimes. NAT is more the reason for latency IMO, because a lot of people with DSL don't realize that they are sometimes double or triple NAT'd.

    @ OP... Are you on DSL?
     
  5. merlin_72032

    merlin_72032 Notebook Evangelist

    This is going to make my day. I love an argument. :D Let me ask you this question before we continue. Are you talking from experience or just from the textbook? What do you run on your network? Have you ever run a core switch like a Cisco 6509 or 7609? Have you ever run BGP, which is the ISP de facto routing protocol? Do you know that the internet world is run on BGP?

    Your answer is a textbook answer to me. It is true that NAT is an interim technology before IPv6 becomes full-blown. The thing is there are so many bugs when you deploy IPv6 in your network. Let me give you some insider info if you follow NCAA football. There are a few schools in the NCAA top 25 that still haven't NATed their network, and they still use public IPs all over campus.

    We are not talking simple DSL here. We are talking about a huge network that I have been involved with. You can say all you want about Vista or 7. The main routing protocol and router still run on IPv4. They are running either OSPF or EIGRP. OSPF v3 supports IPv6, but how many companies run that? When you run an IPv6 routing protocol on top of IPv4, it does stress the router.

    I am on the leading edge, not the bleeding edge, and IPv6 is bleeding edge for me. If IPv6 is so perfect, why all the ISP converts their core switch to IPv6? Think about the big picture, my friend. I had been there, so I know it is hard to go IPv6 at the moment. :)
     
  6. H.A.L. 9000

    H.A.L. 9000 Occam's Chainsaw

    I have bad dreams about EIGRP and IGRP from how many times I have to program IOS equipment. I've used ">router RIP" so many times.... And yes, I run BGP on several routers.

    I've deployed IPv6 within a local network of about 250 addresses. The beauty of IPv6 is that it's allowed me to have a common global addressing scheme. It's much cleaner than IPv4 in that respect, and I've not run into any issues so far. Albeit, we don't have anything connected to our network that isn't company owned, and our IPs aren't DHCP addressed, so that may be why we're seeing so few issues. Our network uses IS-IS, which is similar to OSPF, but IS-IS is easily adaptable to IPv6. IS-IS is mostly "address type" independent, with it supporting IPv4 and v6 with the same level of compatibility.

    I'm trying to stay on topic...LOL. But I like debating these things almost as much as you do, it seems.. :cool: Yes, it does stress network equipment when running protocols originally designed with IPv4 in mind, but there are other protocols that are easier to implement.

    I don't consider our network on the "bleeding" edge, but it's certainly more futureproof than most. And I wouldn't say it was hard to implement, just not easy to plan for. Planned IPv6 networks are no harder to implement than IPv4, it's just you mostly have to have a company/school with a decent IT budget for new equipment. Our IPv6 rollout was painless, and the reason being was the internal routing protocol. IS-IS is a dynamic routing protocol. It uses OSPF's routing protocols for route selections, and it's pretty efficient at what it does. It also supports OSPF's "fast hellos" for route reconfigs on the fly.
     
  7. merlin_72032

    merlin_72032 Notebook Evangelist

    1. You claim that you have a problem with EIGRP, and you said that you run IS-IS on your network. I don’t get it. EIGRP is much easier to deploy than IS-IS or OSPF? How do you run BGP? Do you work for an ISP, or do you advertise your public autonomous like I do?
    2. You are talking only 250 machines. Try adding two more zeros and come talk to me. How do you separate broadcast domains then? IPv4 uses subnets in conjunction with VLANs to split broadcast domains. Before you talk about IS-IS, how many core switches do you have? It doesn’t really make any difference if you run IS-IS because OSPF supports IPv6 as well. How big is your network? I am talking about at least 5000 people. You run IPv4, and you can subnet into a common global scheme as with IPv6. VLANs allow you to reduce broadcast domain size and enhance security. I don’t know how IPv6 can do that if you are talking about link local.
    3. Have you ever designed a big network? The reason I ask is because you make it sound too easy. I revamp a campus network with 8 core switches plus running BGP on a separate router, and all the WWW has to point to my DNS to get to my work place. Yes, we own a dot entity like .edu or .com, so everyone has to come to me to connect to my company. You said you run IS-IS on top of OSPF? Who are you working for? People either run OSPF or IS-IS. It is a very rare practice to run multiple interior routing protocols on the same network.
     
  8. H.A.L. 9000

    H.A.L. 9000 Occam's Chainsaw

    These are not all the same network. IGRP, and EIGRP, I haven't used in a while, but I remember having to do MANY configurations with that protocol. It's not the easiest thing to configure. And yes, my work is contracted. :)

    I'm not getting what you're saying. Well, some of it I do... But no, our network is solely IS-IS. IS-IS shares a LOT of OSPF's link-state protocols, and is more reliable and scales easier with less overhead. The two interior routing protocols - IS-IS and OSPF... share a lot of similarities, with IS-IS being more address autonomous. OSPF is only an IPv6 compatible protocol in v3. My broadcast domains are separated by pretty much the same ideals as IPv4, but instead of broadcasts we have multicasts, therefore less overhead. Also, IS-IS doesn't use IP to relay routing information. But yes, I agree, our network is much smaller than the one you're revamping, and I can see where it'd be a pain to deploy IPv6 in place of IPv4 on an already operational network. We had just moved into a new building, and we got the opportunity to design a new network from scratch, with all new equipment. Currently we only have 2 Cisco 2921 IS routers, and 7 Catalyst 2960S switches. So our installation is definitely smaller, but it works for us, and it's adaptive, where our old location wasn't. And in response to another question, no... I've designed them on paper, but there just aren't many large companies around me that are looking to upgrade their networks. So, I've drawn them out, just not deployed them, so I don't know how the larger networks scale with IPv6, but it's something I've wanted to work on.
     
  9. merlin_72032

    merlin_72032 Notebook Evangelist

    You have only Cisco 2960 and 2921??? Come on man! The smallest router I got is a Cisco 3800. I still have no idea what a 2960 looks like. I deal with 3750 and up. If you deploy with 6 switches, you don't even have a big enough broadcast domain. I am talking about at least 200+ switches, not including multiple core switches.

    You don't really need a routing protocol with those switches. Can it run a routing protocol on those? :eek: It is a multilayer switch, right?

    EIGRP is the easiest protocol to configure besides RIP. OSPF is a little more difficult. Are we talking about the same size network? Like I told you before, if IPv6 is so scalable, ISPs would be the first entity to move because they wouldn't have to keep NATing their network. The concept on paper is good, but it is a totally different story when you implement it on a large network.

    Do you even host your own DNS, mail server, web server, or VOIP? Plus you have to consider security between VLANs.

    What are you talking about with multicast? Routing protocols use multicast to update the routing table, and breaking up a broadcast domain has nothing to do with multicast. You use multicast when you do something like deploy an OS or use network security cameras or video broadcasting. Multicast doesn't help you break up the network. IPv6 still hasn't addressed the issue with LAN multicast either.

    What multicast are you using to break up your broadcast network? PIM-Dense or PIM-Sparse? I don't see how it works. I deploy multicast for camera security but not for the purpose that you mention. :rolleyes:
     
  10. H.A.L. 9000

    H.A.L. 9000 Occam's Chainsaw

    Just to spark up some discussions on the topic, I'm going to throw out these three...

    • IPv4 - Internet Protocol v4 - It is the first version of the IP protocol to be widely deployed. It also forms the very core of today's internet services world-wide. It's set to be superseded by IPv6 sometime in the near future, because of the shortage of IPv4 addresses.
    • IPv6 - Internet Protocol v6 - It's the successor protocol to IPv4, allowing a MUCH higher amount of device addresses, and less network overhead. Also IPv6 features network security enhancements as a part of the standard, while IPv4 had to have them added in at later points.
    • NAT - Network Address Translation - Was introduced as a stop-gap to attempt to alleviate the shortage of IP addresses. Where this is a good attempt, it introduces some issues, particularly with home installations where if not configured properly, it can introduce latency and can cause headaches for home users.

    How would you implement those in a new or already operational network? Would you just implement an IPv4 internal network and utilize NAT? Or futureproof with IPv6 and face a harder task at deployment? Merlin_72032 posed some interesting questions, with larger networks that are already operational and not using NAT, would you transition the network to IPv4 behind a NAT... or transition the whole network over to IPv6, with the relevant IPv4 or IPv6 backhaul?

    It's a costly decision, and more and more universities and companies are having to face this issue, so what would be your plan of action? Take into consideration the costs of each, and how difficult these will be to maintain... I'm talking mucha mula! $$$.
     
  11. merlin_72032

    merlin_72032 Notebook Evangelist

    Hey, when you deploy IPv4, you are using NAT at the same time unless you own a large block of IPs like some big schools do. I have seen many schools deploy their network without using NAT. They use a public IP block internally and externally.

    If you deploy IPv4 properly, the overhead is minimal. You can't even feel it. Do I get paid if I discuss in depth?

    H.A.L, I can design your network that you posted earlier right here right now. It doesn't even break a sweat. You don't even need a dynamic routing protocol. Just need a static route. :D
     
  12. H.A.L. 9000

    H.A.L. 9000 Occam's Chainsaw

    I'm so glad. :rolleyes: But seeing as how I'm not going on about my current job any further... if you could redesign the network you're revamping now from scratch, how would you build it? Also, you said you see scalability issues with IPv6 in larger networks... explain that, as I haven't seen that yet, as I haven't really worked on a truly large network.
     
  13. Aerick

    Aerick Notebook Guru

    The problem with the IPv4 to IPv6 transition isn't on the network side. It's the damn services and applications, namely the legacy ones, that can't talk IPv6 properly or at all. Update those and it's smooth sailing.

    Like merlin said, IPv4 to IPv6 is pretty trivial from the network standpoint. Easiest thing to do, IMO, is dual-stack, run v4 and v6 simultaneously, and then cut over to v6 entirely once everything can talk v6. You just have to make sure your apps work. The only area that might be kind of tricky is your network edge, whether you're talking to your provider via IPv4 or v6.

    Without a proper scenario though, it's really hard to say how you should transition.
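
One way to check the "make sure your apps work" step of the dual-stack approach in the post above, as an added example that is not part of the thread: list which listening services are still bound to IPv4 only and would therefore block a cutover to v6. The `ss -ltn`-style sample, the function names and the port numbers are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the style of `ss -ltn` output (not taken from the thread).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*
LISTEN 0      100    192.0.2.10:25       0.0.0.0:*
LISTEN 0      511    *:443               *:*
LISTEN 0      64     [2001:db8::10]:5432 [::]:*
LISTEN 0      5      0.0.0.0:9100        0.0.0.0:*
"""


def listener_families(ss_text):
    """Map each listening TCP port to the set of IP versions bound to it."""
    ports = defaultdict(set)
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        if host == "*":
            # Assumption: "*" marks a wildcard socket that accepts both families.
            ports[int(port)].update({4, 6})
            continue
        # Drop the [] around IPv6 literals and any %zone suffix before parsing.
        host = host.strip("[]").split("%")[0]
        ports[int(port)].add(ipaddress.ip_address(host).version)
    return dict(ports)


def cutover_report(ss_text):
    """Group ports by address family coverage; v4_only is the blocker list."""
    fams = listener_families(ss_text)
    return {
        "v4_only": sorted(p for p, f in fams.items() if f == {4}),
        "v6_only": sorted(p for p, f in fams.items() if f == {6}),
        "dual": sorted(p for p, f in fams.items() if f == {4, 6}),
    }


if __name__ == "__main__":
    for group, ports in cutover_report(SAMPLE_SS).items():
        print(f"{group}: {ports}")
```

The `v6_only` group is worth reviewing as well: a service reachable over v6 needs the same filtering rules that protect it over v4.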
     
  14. Charles P. Jefferies

    Charles P. Jefferies Lead Moderator Super Moderator

    Please act normal in this thread -- thanks. I had to delete a post.
     
  15. merlin_72032

    merlin_72032 Notebook Evangelist

    Thank you!! You are the voice of reason that I have been looking for. You are right on the spot about the application. I was just paying too much attention to the network standpoint.

    You are also correct about running dual-stack. People talked to me about this too, but I don't see the benefit since most of the applications are talking IPv4, especially multicast ones. It is hard to deploy multicast on IPv6. Most ISPs are talking IPv4 too, so I don't want to be on the bleeding edge like I said in another post.

    If the address space is the concern, you can subnet private class A with a 16-bit mask. That gives you a lot of hosts, plus you conserve your public IPs from outside. You don't really need to deal with a complex routing protocol if you do it right and try to keep it simple.

    How come I never see you around? Come talk to me more often because your answer is right on!