Cisco Support Community

Can IPv6 be unreachable by older networks that do not support them?

We have run out of IPv4s and ARIN has a very strict policy in providing additional IPv4, so we have requested to receive IPv6 from ARIN.

Our Internet Backbone providers do support IPv6 and they said that they will broadcast those IPs.

We will be running several eCommerce sites on this new IPv6. Do we have to be concerned that some of the older networks may not be able to reach our eCommerce sites that are running on IPv6?

Your insight on this issue is greatly appreciated.


By older networks do you mean

By older networks do you mean IPv4?

If your eCommerce sites are running native IPv6 then the IPv4 networks will not be able to reach them without address translation between the two protocols.

Alternatively you could run a dual stack IPv4/IPv6 on the servers. However this won't work since you stated that you have run out of IPv4 addresses.

IPv4 and IPv6 don't

IPv4 and IPv6 don't interoperate, and while there are mediocre technologies for getting from IPv6-only clients to legacy IPv4-only servers such as NAT64+DNS64, the IETF gave up on trying to get from legacy IPv4-only clients to bleeding edge IPv6-only servers back in 2007 - see RFC 4966. A killer problem is that you can't reliably fake enough DNS 'A' records to cover the 'AAAA' address space at ISP scales.

Welcome to the IPv4 to IPv6 conversion interregnum, where we are running two internets and you can't get here from there. Yes, you have to be concerned that older IPv4-only clients, this week about 96% of the planet, can't reach a v6-only eCommerce site. However, with mobile networks such as Verizon's LTE4 stuff being v6-only, you also have to be concerned if your eCommerce site were v4-only. Going through an ISP NAT64 translator will give a radically inferior user experience compared to a native v6 connection, as well as destroying all your geolocation analytics.

The recommended way to deal with this, e.g. what Facebook is doing, is to run the back-end datacenter on v6-only, but to have perimeter services such as DNS and web load balancers dual-stacked on a small amount of public v4. Given the mediocre state of IPv6 reputation lists compared to IPv4 to date, I don't yet recommend running border mail gateways with live v6 as you are liable to leak more spam through.

-- Jim Leinweber, WI State Lab of Hygiene
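
The asymmetry described in the reply above, as an added example that is not part of the original thread: the IPv6-to-IPv4 direction is a stateless embedding into the RFC 6052 well-known prefix `64:ff9b::/96`, while the reverse direction needs one stand-in 'A' record per 'AAAA' from a finite pool. `ReverseMapper` and its pool are hypothetical illustrations, and all sample addresses are constructed from documentation ranges.

```python
import ipaddress

# RFC 6052 well-known prefix used by NAT64/DNS64 deployments.
WKP = ipaddress.IPv6Network("64:ff9b::/96")

def dns64_synthesize(a_record: str) -> ipaddress.IPv6Address:
    """IPv6-only client -> IPv4-only server: embed the 32-bit A record
    in the low bits of the /96. Stateless and always possible."""
    v4 = ipaddress.IPv4Address(a_record)
    return ipaddress.IPv6Address(int(WKP.network_address) | int(v4))

def nat64_extract(aaaa: ipaddress.IPv6Address) -> ipaddress.IPv4Address:
    """The translator recovers the real IPv4 destination from the low 32 bits."""
    if aaaa not in WKP:
        raise ValueError(f"{aaaa} is not inside {WKP}")
    return ipaddress.IPv4Address(int(aaaa) & 0xFFFFFFFF)

class ReverseMapper:
    """Hypothetical IPv4-only client -> IPv6-only server mapper: 128 bits do
    not fit in 32, so each AAAA needs a stateful stand-in A record."""
    def __init__(self, pool: str):
        self._free = list(ipaddress.IPv4Network(pool).hosts())
        self.table = {}

    def fake_a_record(self, aaaa: str) -> ipaddress.IPv4Address:
        v6 = ipaddress.IPv6Address(aaaa)
        if v6 not in self.table:
            if not self._free:
                raise RuntimeError("IPv4 pool exhausted, cannot map " + str(v6))
            self.table[v6] = self._free.pop(0)
        return self.table[v6]

if __name__ == "__main__":
    synth = dns64_synthesize("192.0.2.33")     # constructed sample (TEST-NET-1)
    print(synth, "->", nat64_extract(synth))
    mapper = ReverseMapper("198.51.100.0/30")  # constructed pool: 2 usable hosts
    for name in ("2001:db8::1", "2001:db8::2", "2001:db8::3"):
        try:
            print(name, "->", mapper.fake_a_record(name))
        except RuntimeError as err:
            print(err)
```

The third IPv6 destination fails because the two-address pool is already spent, which is the same exhaustion the reply describes, scaled down from an ISP's resolver to a toy pool.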
