[183284] in North American Network Operators' Group


Re: Production-scale NAT64

daemon@ATHENA.MIT.EDU (Tore Anderson)
Wed Aug 26 00:50:01 2015

X-Original-To: nanog@nanog.org
Date: Wed, 26 Aug 2015 06:49:53 +0200
From: Tore Anderson <tore@fud.no>
To: William Herrin <bill@herrin.us>
In-Reply-To: <CAP-guGVjCZ=fn3bNp9BePfF=cb0CQR2pNwAZibZ99xMvqOffTA@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>, Jawaid Shell2 <jb@forethought.net>
Errors-To: nanog-bounces@nanog.org

* William Herrin

> On Thu, Aug 20, 2015 at 1:22 PM, Ca By <cb.list6@gmail.com> wrote:
> > On Thu, Aug 20, 2015 at 9:36 AM, William Herrin <bill@herrin.us> wrote:
> >> Seriously though, if you want to run a v6-only network and still
> >> support access to IPv4 Internet resources, consider 464XLAT or
> >> DS-Lite.
> >
> > NAT64 is a required component of 464XLAT.
>
> Sort of, technically, but not really.

Yes really. See below.

> 464XLAT does not require DNS64 and provides client software with an
> IPv4 interface. IPv4 software that has no idea IPv6 exists sends IPv4
> packets which get translated to IPv6 packets. Those packets are routed
> to the carrier NAT box which then translates these specially crafted
> IPv6 packets back to IPv4 packets.

What do you think the «carrier NAT box» in 464XLAT is, exactly?

No need to guess, we can check the 464XLAT specification:

http://tools.ietf.org/html/rfc6877#section-2

>  PLAT:   PLAT is provider-side translator (XLAT) that complies with
>          [RFC6146].  It translates N:1 global IPv6 addresses to global
>          IPv4 addresses, and vice versa.

Let's check that reference:

http://tools.ietf.org/html/rfc6146#section-1

>  This document specifies stateful NAT64, a mechanism for IPv4-IPv6
>  transition and IPv4-IPv6 coexistence.

Lo and behold! Your 464XLAT «carrier NAT box» (a.k.a. «PLAT») *is* a
NAT64 box. Thus, if you intend to deploy 464XLAT in production, you're
going to need a production-scale NAT64 implementation.

To answer Jawaid's original question, I'm very happy with Jool
(http://jool.mx) for my NAT64 (and SIIT) needs, which is an open-source
Linux-based software solution. It has no problems handling several Gb/s
of traffic using a couple of years old x86 server without any tuning,
so if the capacity required is moderate this might be a cost-effective
alternative to dedicated boxes from one of the router/network
appliance vendors.

Tore
