Production-scale NAT64
- Subject: Production-scale NAT64
- From: tore at fud.no (Tore Anderson)
- Date: Wed, 26 Aug 2015 06:49:53 +0200
* William Herrin
> On Thu, Aug 20, 2015 at 1:22 PM, Ca By <cb.list6 at gmail.com> wrote:
> > On Thu, Aug 20, 2015 at 9:36 AM, William Herrin <bill at herrin.us> wrote:
> >> Seriously though, if you want to run a v6-only network and still
> >> support access to IPv4 Internet resources, consider 464XLAT or
> >> DS-Lite.
> >
> > NAT64 is a required component of 464XLAT.
>
> Sort of, technically, but not really.
Yes really. See below.
> 464XLAT does not require DNS64 and provides client software with an
> IPv4 interface. IPv4 software that has no idea IPv6 exists sends IPv4
> packets which get translated to IPv6 packets. Those packets are routed
> to the carrier NAT box which then translates these specially crafted
> IPv6 packets back to IPv4 packets.
What do you think the "carrier NAT box" in 464XLAT is, exactly?
No need to guess, we can check the 464XLAT specification:
http://tools.ietf.org/html/rfc6877#section-2
> PLAT: PLAT is provider-side translator (XLAT) that complies with
> [RFC6146]. It translates N:1 global IPv6 addresses to global
> IPv4 addresses, and vice versa.
Let's check that reference:
http://tools.ietf.org/html/rfc6146#section-1
> This document specifies stateful NAT64, a mechanism for IPv4-IPv6
> transition and IPv4-IPv6 coexistence.
Lo and behold! Your 464XLAT "carrier NAT box" (a.k.a. "PLAT") *is* a
NAT64 box. Thus, if you intend to deploy 464XLAT in production, you're
going to need a production-scale NAT64 implementation.
To answer Jawaid's original question, I'm very happy with Jool
(http://jool.mx) for my NAT64 (and SIIT) needs, which is an open-source
Linux-based software solution. It has no problems handling several Gb/s
of traffic using a couple of years old x86 server without any tuning,
so if the capacity required is moderate this might be a cost-effective
alternative to dedicated boxes from one of the router/network
appliance vendors.
Tore
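
Added example, not part of the original message or of Jool: the "specially crafted IPv6 packets" in the thread carry the IPv4 destination inside an IPv6 address, and this sketch shows that mapping as defined in RFC 6052 (the address format used by RFC 6146 NAT64), which the CLAT applies and the PLAT reverses. The function names are hypothetical and the prefixes and addresses in the usage section are documentation values chosen for illustration.

```python
import ipaddress

VALID_LENGTHS = (32, 40, 48, 56, 64, 96)  # prefix lengths allowed by RFC 6052
U_OCTET = 8                               # bits 64..71 are reserved and stay zero


def translation_net(prefix):
    """Parse a translation prefix and reject lengths RFC 6052 does not define."""
    net = ipaddress.IPv6Network(prefix)   # strict: raises if host bits are set
    if net.prefixlen not in VALID_LENGTHS:
        raise ValueError(f"/{net.prefixlen} is not a valid NAT64 prefix length")
    if net.network_address.packed[U_OCTET] != 0:
        raise ValueError("bits 64..71 of the prefix must be zero")
    return net


def slots(prefix_len):
    """Byte positions holding the four IPv4 octets, skipping the reserved octet."""
    return [i for i in range(prefix_len // 8, 16) if i != U_OCTET][:4]


def embed(ipv4, prefix):
    """IPv4 destination -> IPv6 destination (what the CLAT side produces)."""
    net = translation_net(prefix)
    raw = bytearray(net.network_address.packed)
    for pos, octet in zip(slots(net.prefixlen), ipaddress.IPv4Address(ipv4).packed):
        raw[pos] = octet
    return ipaddress.IPv6Address(bytes(raw))


def extract(ipv6, prefix):
    """IPv6 destination -> IPv4 destination (what the NAT64/PLAT side recovers)."""
    net = translation_net(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        raise ValueError(f"{addr} is outside translation prefix {net}")
    return ipaddress.IPv4Address(bytes(addr.packed[i] for i in slots(net.prefixlen)))


if __name__ == "__main__":
    # Constructed sample: one IPv4 destination under several translation prefixes.
    for pfx in ("64:ff9b::/96", "2001:db8:100::/40", "2001:db8:122:344::/64"):
        v6 = embed("192.0.2.33", pfx)
        print(pfx, "->", v6, "->", extract(v6, pfx))
```
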