Implementing 464XLAT at a small WISP
We recently deployed our first half-dozen IPv6-only customers after 6+ months of testing, using 464XLAT. It took me ages to sort all this out, so I hope someone finds this helpful. Feedback very much welcome. https://blog.brocktice.com/2017/12/27/deploying-464xlat-for-ipv6-only-client...
On 28 Dec 2017, at 11:45 am, Brock Tice <brock@bmwl.co> wrote:
We recently deployed our first half-dozen IPv6-only customers after 6+ months of testing, using 464XLAT.
It took me ages to sort all this out, so I hope someone finds this helpful. Feedback very much welcome.
https://blog.brocktice.com/2017/12/27/deploying-464xlat-for-ipv6-only-client...
If all you want to do is 464XLAT you don’t need a nameserver that supports DNS64. Just add a ipv4only.arpa zone with the appropriate AAAA records to your recursive servers. The following provides the 464XLAT translation with the well known NAT64 prefix. ipv4only.arpa. SOA . . 0 0 0 0 0 ipv4only.arpa. NS . ipv4only.arpa. AAAA 64:ff9b::192.0.0.170 ipv4only.arpa. AAAA 64:ff9b::192.0.0.171 ipv4only.arpa. A 192.0.0.170 ipv4only.arpa. A 192.0.0.171 -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Nice ;-) I’ve been doing this for some time already … and have trials with several customers (tens of thousands of customers). Note that most of the routers that support LEDE (quite a big list), will work by default with a standard stable release. You mention it, but we use something like for the offload: ethtool --offload eth0 gro off lro off ethtool --offload eth1 gro off lro off Also, for the DNS64, I use exclude. It can be improved also to avoid including (in the exclusion) the prefixes for transition mechanisms, such as 2001::/32, 2002::/16, etc. dns64 64:ff9b::/96 { clients { any; }; mapped { any; }; exclude { 0::/3; 4000::/2; 8000::/1; 2001:db8::/32; }; break-dnssec no; }; I’ve an ID on this: https://datatracker.ietf.org/doc/draft-palet-v6ops-464xlat-deployment/ I’m working in the next few days in a review of this, so any inputs are welcome! Regards, Jordi -----Mensaje original----- De: NANOG <nanog-bounces@nanog.org> en nombre de Brock Tice <brock@bmwl.co> Responder a: <brock@bmwl.co> Fecha: jueves, 28 de diciembre de 2017, 1:48 Para: <nanog@nanog.org> Asunto: Implementing 464XLAT at a small WISP We recently deployed our first half-dozen IPv6-only customers after 6+ months of testing, using 464XLAT. It took me ages to sort all this out, so I hope someone finds this helpful. Feedback very much welcome. https://blog.brocktice.com/2017/12/27/deploying-464xlat-for-ipv6-only-client... ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.consulintel.es The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
participants (3)
-
Brock Tice
-
JORDI PALET MARTINEZ
-
Mark Andrews