In message <FE7943DF-6A3A-478F-AF40-DE4D3592FB1D@puck.nether.net>, Jared Mauch writes:
On Feb 4, 2011, at 4:32 PM, Mark Andrews wrote:
On Friday, February 04, 2011 09:05:09 am Derek J. Balling wrote:
I think they'll eventually notice a difference. How will an = IPv4-only inter nal host know what to do with an IPv6 AAAA record it gets from a DNS = lookup? =20 If the CPE is doing DNS proxy (most do) then it can map the AAAA = record to an A record it passes to the internal client, with an internal address = for the=20 record chosen from RFC1918 space, and perform IPv4-IPv6 1:1 NAT from =
gned RFC1918 address to the external IPv6 address from the AAAA = record (since you have at least a /64 at your CPE, you can even use the RFC1918 = address in the lower 32 bits.... :-P). =20 =20 This may already be a standard, or a draft, or implemented somewhere; = I don't know. But that is how I would do it, just thinking off the top of my =
=20 In message <201102041140.42719.lowen@pari.edu>, Lamar Owen writes: the assi head.
=20 =20 DS-lite delivers a IPv4 softwire over a IPv6 upstream. It also introduces less problems than NAT64 as it works with DNSSEC and with IPv4 literal. Along with DS-lite there is a UPNP replacement designed to work with distributed NATs (DS-Lite (AFTR+B4) and NAT444 (LSN + CPE NAT)) so that holes can be punched threw multiple devices if needed.
I've yet to see a version of ALG that isn't buggy (eg: Cisco SIP-ALG, = 2Wire/ATT uverse sip-alg is seriously broken, same for either dlink or = netgear... we have to turn it off otherwise it does bad things).
And you reported the bugs.
I'm sure that LSN activity is going to work "great" for the carriers.
Yes it is a worry which is why we want people to move to IPv6 and not use NAT. Less things to go wrong. A firewall only has to react to the traffic not re-write it. One lesa thing to go wrong.
- jared= -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org