On 2015-12-16 10:40, Jens Link wrote: > Johannes Weber <[email protected]> writes: [..] > 5) Use a SIXXS / HE Tunnel
Tunnel brokers (RFC3053) are transition technologies, they won't be here forever. You likely wanted to point out commercial VPN solutions that can provide these services just like the normal ISP who is apparently providing insufficiently configured connectivity. With IPv6 being 20 years old (RF1883) that transition has to end somewhere... Note that SixXS will be having a nice "Call your ISP for IPv6" action[1] starting somewhere next week. This hopefully will get people finally calling up to their ISPs and asking for IPv6 instead of just easily bypassing IPv6 deployment with easier means. There is no reason anymore (missing CPE/PE device support, missing OS support, missing software support) for 'testing IPv6', various locations are running it natively, many are even forcing DS-Lite/CGN to make sure they can keep the IPv4 addresses for 'business' customers. Hence, if an ISP did not take care in the last say 10 years of getting ready for IPv6, then they won't do that in the next few years either, thus better to abandon hope and chose wisely with your money. As for the dynamic issue, everybody seems to forget the great idea that Microsoft provided: Direct Access[2] or using the 'IPv6 security feature': IPSEC. Sign your packets, and check that the signature is valid & known on the receiving side, presto, does not matter what the prefix is anymore. Indeed, that does not work like PI, but all/most-of the work on alternative models have been abandoned, which is why there are so many /48s PI prefix and sub-prefixes out of PA (Provider Aggregated, remember that ;) in your routing tables.... Routing scaling research will be fun, but in the end, that is the only real way to handle that situation. Greets, Jeroen [1] https://www.sixxs.net/news/2015/#happybirthdayipv6ipv6turns20ye-1201 [2] https://en.wikipedia.org/wiki/DirectAccess
