Deploying IPv6 XLAT64
Looking at getting into IPv6 here ourselves... one of the big hold-ups has been the dual stacking. Can anyone recommend a quality, not ridiculously convoluted to set up, XLAT64 translator that we could run in our network to take the IPv6 to an IPv4 address when the remote server doesn't have 6 capability?
You can use Jool for both 464XLAT and just NAT64.
I've done a workshop on this at the LACNIC meeting this week. See slides 43 and next ones:
http://www.lacnic.net/innovaportal/file/3139/1/ipv6-only_v11_16-9.pdf
Regards, Jordi
-----Original message----- From: NANOG <nanog-bounces@nanog.org> on behalf of Matt Hoppes <mattlists@rivervalleyinternet.net> Date: Wednesday, 26 September 2018, 15:03 To: North American Network Operators' Group <nanog@nanog.org> Subject: Deploying IPv6 XLAT64
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.consulintel.es The IPv6 Company
Thanks... that is what I don't understand: Why is NAT64 such a difficult concept to put into routers and firewalls? We already do NAT with IPv4 just fine. I feel like IPv6 adoption would be much faster if there was a transition mechanism other than dual stacking. Think: Corporate offices. Rather than renumbering everything inside, they just turn on NAT64 and now they can begin a slow and controlled transition. On 9/26/18 2:19 PM, JORDI PALET MARTINEZ wrote:
> You can use Jool for both 464XLAT and just NAT64.
> I've done a workshop on this at the LACNIC meeting this week. See slides 43 and next ones:
> http://www.lacnic.net/innovaportal/file/3139/1/ipv6-only_v11_16-9.pdf
> Regards, Jordi
This document, which is already in the IESG review, may answer your question:
https://datatracker.ietf.org/doc/draft-ietf-v6ops-transition-ipv4aas/
Also take a look into this one:
https://datatracker.ietf.org/doc/draft-ietf-v6ops-nat64-deployment/
Remember that if your enterprise network has apps that use literals, or they don't support IPv6, you still need dual-stack in the LANs, but access IPv6-only is just fine.
Regards, Jordi
-----Original message----- From: Matt Hoppes <mattlists@rivervalleyinternet.net> Date: Wednesday, 26 September 2018, 15:22 To: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>, North American Network Operators' Group <nanog@nanog.org> Subject: Re: Deploying IPv6 XLAT64
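The address mapping that NAT64 relies on, and why applications using IPv4 literals still need a CLAT or dual-stack, shown as an added example (not code from any poster in this thread or from Jool). It assumes the RFC 6052 well-known prefix 64:ff9b::/96 as the default; the function names and sample destinations are constructed for illustration.

```python
import ipaddress

WKP = "64:ff9b::/96"                      # RFC 6052 well-known prefix (assumed default)
VALID_LENGTHS = (32, 40, 48, 56, 64, 96)  # the only prefix lengths RFC 6052 permits

def _v4_offsets(plen):
    """Byte offsets that carry the IPv4 address; octet 8 (the 'u' octet) is skipped."""
    return [i for i in range(plen // 8, 16) if i != 8][:4]

def _net(prefix):
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in VALID_LENGTHS:
        raise ValueError(f"RFC 6052 does not allow /{net.prefixlen}")
    return net

def embed(v4, prefix=WKP):
    """IPv4 -> IPv6 as a NAT64/DNS64 pair would synthesize it."""
    net = _net(prefix)
    out = bytearray(net.network_address.packed)
    for off, byte in zip(_v4_offsets(net.prefixlen), ipaddress.IPv4Address(v4).packed):
        out[off] = byte
    return ipaddress.IPv6Address(bytes(out))

def extract(v6, prefix=WKP):
    """IPv6 -> embedded IPv4, or None if the address is outside the NAT64 prefix.
    Useful for mapping translated flows in logs back to IPv4 ACLs or blocklists."""
    net = _net(prefix)
    addr = ipaddress.IPv6Address(v6)
    if addr not in net:
        return None
    return ipaddress.IPv4Address(bytes(addr.packed[o] for o in _v4_offsets(net.prefixlen)))

def path_for(dest, prefix=WKP):
    """Classify how an IPv6-only host can reach a destination string."""
    try:
        ip = ipaddress.ip_address(dest)
    except ValueError:
        return ("dns64", None)            # hostname: DNS64 can synthesize an AAAA
    if ip.version == 4:
        # No DNS query happens for a literal, so DNS64 never sees it; the app
        # needs a CLAT (464XLAT) or dual-stack. The address a CLAT would use:
        return ("needs-clat", embed(ip, prefix))
    return ("native-v6", ip)

if __name__ == "__main__":
    # Constructed sample destinations, as an application config might list them.
    for dest in ["www.example.com", "198.51.100.7", "2001:db8::10"]:
        print(dest, *path_for(dest))
    print(extract("64:ff9b::c633:6407"))
```
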
On 27 Sep 2018, at 4:22 am, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
> Thanks... that is what I don't understand: Why is NAT64 such a difficult concept to put into routers and firewalls? We already do NAT with IPv4 just fine.
It’s not a difficult concept but you need to remember NAT44 breaks stuff and NAT64/NAT46 breaks more stuff.
> I feel like IPv6 adoption would be much faster if there was a transition mechanism other than dual stacking.
Dual stacking is SIMPLE. REALLY. Turn on IPv6 with the M bit set and configure the DHCPv6 server. If you don’t need that level of control of address assignments leave the M bit off. 99.99% of your machines will just add a second address to the interface without you having to do anything more.
> Think: Corporate offices. Rather than renumbering everything inside, they just turn on NAT64 and now they can begin a slow and controlled transition.
Getting to IPv6 resources from an IPv4 address is a *much* harder problem than getting to IPv4 resources from IPv6, which is what you are describing here with the “no renumber everything as they already have an IPv4 address” requirement. NAT64 allows IPv6 devices to get to legacy IPv4 servers. To allow IPv4 devices to get to IPv6 servers you need to map the IPv6 addresses you want to talk to into a pool of IPv4 addresses and push that mapping to a NAT46 (not NAT64) device.
Go dual stack then, once IPv6 is stable, turn off IPv4 if you want to be single stacked. You are then no longer dependent on the services you want to access continuing to be offered over IPv4. 464XLAT will only work as a stop gap for IPv4 clients while services are offered over IPv4.
After ~20 years of IPv6 being available (Windows XP had IPv6 support and it was not the first major OS to have it) just turn on IPv6.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Participants (3): JORDI PALET MARTINEZ, Mark Andrews, Matt Hoppes