Although it would seem that double-stack is still the preferred method of linux distribution, I want my next deployed in IPv6 only. For linux there is NAT-PT tomicki and NAT64 Viagenie. I don't have Cisco equipment although I'd like tested their NAT-PT, even if it's obsolete. Are some of you have installed one of these two implementations in production on recent versions of linux? Is it stable, secure, ... ? Regards
On Wed, 19 Jan 2011, jarod smith wrote:
Are some of you have installed one of these two implementations in production on recent versions of linux? Is it stable, secure, ... ?
Not in production, but we've installed it for testing. We immediately ran into problems that was MTU related where viagenie mismatched the 2 byte MTU in IPv4 with 4 byte in IPv6 and didn't handle that. After reporting this we quickly received a patch that fixed the problem. They also seem to have other fixes not available in the public distribution (this was a month ago, might have changed). So my take on this is that viagenie responds well to mail and will fix things, but the software has not been widely tested and is not production quality right now. -- Mikael Abrahamsson email: swmike@swm.pp.se
Thanks for your reply. In summary it's not possible to deployed IPv6 only if I want to access the whole internet :) On Wed, Jan 19, 2011 at 10:18 AM, jarod smith <jarod.smouth@gmail.com>wrote:
Although it would seem that double-stack is still the preferred method of linux distribution, I want my next deployed in IPv6 only. For linux there is NAT-PT tomicki and NAT64 Viagenie.
I don't have Cisco equipment although I'd like tested their NAT-PT, even if it's obsolete.
Are some of you have installed one of these two implementations in production on recent versions of linux? Is it stable, secure, ... ?
Regards
On Wed, Jan 19, 2011 at 1:18 AM, jarod smith <jarod.smouth@gmail.com> wrote:
Although it would seem that double-stack is still the preferred method of linux distribution, I want my next deployed in IPv6 only. For linux there is NAT-PT tomicki and NAT64 Viagenie.
I don't have Cisco equipment although I'd like tested their NAT-PT, even if it's obsolete.
There are some lessons learned here with NAT-PT http://www.civil-tongue.net/6and4/wiki But, i would only use NAT-PT for ... no ... i would never use NAT-PT. The implementations are really not good.
Are some of you have installed one of these two implementations in production on recent versions of linux? Is it stable, secure, ... ?
I have tested 3 versions of DNS64 and 4 versions of NAT64. I am not sure what i can share about them. My experience has generally been good. I feel good with taking my selected vendors to production with this feature. Users in my beta trial have been happy with the results and performance. You mentioned Cisco. Cisco has stateless support today of NAT64, but i am not sure the value of that since it is one for one. I assume they will have stateful support soon. http://www.cisco.com/en/US/docs/ios/ios_xe/ipaddr/configuration/guide/iad_st... aka http://tinyurl.com/4gt9s9y Juniper has stateful NAT64 today in production code, i have not looked at this one yet, but it appears promising http://www.juniper.net/techpubs/en_US/junos10.4/information-products/topic-c... aka http://tinyurl.com/4qxjahk If you are talking about servers, not users, most of the commercial load balancers have NAT64 functions for the IPv6 user to IPv4 legacy server use case. Cameron ====== http://groups.google.com/group/tmoipv6beta ======
Regards
Hi, I didn't use NAT-PT, but have lot of experience with NAT64/DNS64. We've deployed NAT64 with DNS64 in our test lab with last Fedora linux workstations , so far, it works fine. -- Sincerely, Mikhail Strizhov Email: strizhov@netsec.colostate.edu <mailto:strizhov@netsec.colostate.edu> On 01/19/2011 02:18 AM, jarod smith wrote:
Although it would seem that double-stack is still the preferred method of linux distribution, I want my next deployed in IPv6 only. For linux there is NAT-PT tomicki and NAT64 Viagenie.
I don't have Cisco equipment although I'd like tested their NAT-PT, even if it's obsolete.
Are some of you have installed one of these two implementations in production on recent versions of linux? Is it stable, secure, ... ?
Regards
participants (4)
-
Cameron Byrne
-
jarod smith
-
Mikael Abrahamsson
-
Mikhail Strizhov