Here’s another back-to-the-fundamentals question I received a while ago when discussing IPv6 multihoming challenges:
I was wondering why enterprise can’t have dedicated block of IPv6 address and ISPs route the traffic to it. Enterprise shall select the ISP's based on the routing and preferences configured?
Let’s try to analyze where the problem might be. First the no-brainers:
- A consumer device with high-availability requirements: use two independent uplinks (WiFi + 5G). As long as the traffic from both uplinks doesn’t merge before being sent to upstream ISPs you don’t have a problem (the proof is left as an exercise for the reader);
- An organization with a single uplink to a single ISP: no problem. Use provider-assigned IPv6 address (ideally delegated via DHCPv6 IA_PD) and put all your services into a cloud, or use dynamic DNS if you want to save $10/month.
- A large single-site organization with one or more Internet uplinks: get your own IPv6 address space and use BGP to advertise your prefix(es) to upstream ISPs. The same approach works for an enterprise with multiple large sites.
Now for the trickier use case: small office of a large enterprise. Even if they’d be willing to pay for enterprise-grade Internet access for every 3-person sales office in the middle of nowhere, do you really think that the global Internet would survive carrying provider-independent /48 prefixes for every single small office of every rich-enough organization out there?
A similar one: small organization with two uplinks. They won’t pay for enterprise-grade Internet service, and won’t get provider-independent IPv6 address space because it’s too expensive. IETF has been tackling various aspects of this elephant for a decade and still hasn’t got anywhere close to solving it.
You might wonder how many small sites really need two uplinks. Lots of SOHO offices or remote workers do – one the uplinks is a site-to-site VPN with the mothership. You could solve 95% of this problem with host-based IPsec VPN or SSL VPN (in both cases you don’t care about the transport IP address of the client) or with SSL proxy, but there’s always the problem of remote printers and IP phones. Johannes Weber described the challenges of using VPNs with dynamic IPv6 prefixes in his Troopers 2018 presentation… and it’s not a pretty picture.
Anything else I’ve missed? Please write a comment.
- Updated based on feedback from Dan Wing. Thank you!