I am in Bangalore for two days. While there are many things packed into this short two-day schedule, one of the most exciting is the Google Global Network India Innovation Summit. While Google has presented at various events in the past about their AS15169 backbone, this is the first summit where they are covering it in detail, and that too with the Indian context!
I must say that I find AS15169 quite fascinating on the BGP side of things: a massive network which follows “cold potato” routing, i.e. keeping the majority of traffic over IGP over larger locations, terminating BGP sessions on the virtual appliance with SDN backing, and a pretty robust failover design with BGP + DNS taking care of server(s) and even an entire PoP failing. I blogged about them back in 2020 here. So this should be fun!
I met a few local Bangalore ISPs yesterday. IPv4 exhaustion, IPv4 getting blacklisted, and the lack of large IPv6 implementations seem to be the key topics which pop up on a regular basis. Somehow NAT64 gives a false impression to ISPs that they can drop IPv4 completely and run networks with pure IPv6, with no IPv4 NATing at all. The reality is that most of them are doing NAT44, i.e. IPv4 to IPv4 NAT, and in a NAT64 design they will do IPv6 to IPv4 NAT (for destinations which are not yet on IPv6). NAT64 seems like a cool idea for ISPs with a large enough access network, as they can drop IPv4 from access while keeping it only in the core on NAT boxes. But it breaks pretty badly in ISP environments where they don’t have control over the end users. NAT64 expects end users to be using services which are already on IPv6 or to reach IPv4 services by DNS name. Anything with hardcoded IPv4 just fails, and that includes many corporate VPN deployments.
The ultimate fix? It’s early to say, but it seems like 464XLAT might be the fix. It’s similar to NAT64 but runs a CLAT to provide a virtual IPv4 stack, enabling transport of IPv4 packets over the IPv6 internet. So likely in the long term we will have CPEs with built-in CLAT, and thus the LAN side of CPEs would be the usual dual stack with private IPv4 and publicly routed unique IPv6. The WAN would be pure IPv6 with no IPv4 at all on the backbone, and the ISP core gateway again with IPv4 + IPv6. This quite similar design, though, still won’t pass the DNSSEC test, as DNS64 is effectively “faking” DNS replies to enable IPv4 flows over IPv6.
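To make the NAT64 and 464XLAT paragraphs concrete, here is an added sketch (not from any vendor implementation) of DNS64 synthesis and of why an IPv4 literal only works once a CLAT is present. It assumes the RFC 6052 well-known prefix 64:ff9b::/96; the zone names and addresses are constructed, and hostname lookups are assumed to go through DNS64 in both cases.

```python
import ipaddress

# Assumption: RFC 6052 well-known prefix; an operator may use its own /96 instead.
WKP = ipaddress.IPv6Network("64:ff9b::/96")

def synthesize_aaaa(ipv4, prefix=WKP):
    """DNS64 / CLAT mapping: embed the IPv4 address in the low 32 bits of the /96."""
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))

def extract_ipv4(ipv6, prefix=WKP):
    """NAT64 / PLAT side: recover the real IPv4 destination, or None if not in the prefix."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)

# Constructed zone data: hypothetical names, documentation address ranges.
ZONE = {
    "dual.example": {"A": "192.0.2.10", "AAAA": "2001:db8::10"},
    "legacy.example": {"A": "198.51.100.7"},
}

def reach(dest, clat):
    """Describe how a client behind an IPv6-only access network reaches dest."""
    try:
        ipaddress.IPv4Address(dest)
    except ipaddress.AddressValueError:
        pass  # not a literal: fall through to the DNS path
    else:
        # An IPv4 literal triggers no DNS query, so DNS64 never gets to synthesize.
        if clat:
            return f"CLAT -> {synthesize_aaaa(dest)} -> PLAT -> {dest}"
        return "FAIL: IPv4 literal, no IPv4 stack and no DNS64 involvement"
    rr = ZONE.get(dest, {})
    if "AAAA" in rr:
        return f"native IPv6 -> {rr['AAAA']}"
    if "A" in rr:
        # The synthesized AAAA is not in the signed zone, so it carries no valid
        # RRSIG; a validating client resolver rejects it.
        return f"DNS64 synthesized (unsigned) -> {synthesize_aaaa(rr['A'])}"
    return "FAIL: no such name"

if __name__ == "__main__":
    for dest in ("dual.example", "legacy.example", "203.0.113.5"):
        for clat in (False, True):
            print(f"{dest:15} clat={clat!s:5} {reach(dest, clat)}")
```
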
With the hope that you are reading this blog post over IPv6, have a good day ahead! :-)