Feelings about NAT64/DNS64?

Graham Beneke graham at neology.co.za
Wed Dec 8 14:09:07 CET 2010

On 08/12/2010 09:37, George Bonser wrote:
> I am leaning toward using NAT64/DNS64 as the primary migration strategy
> in the data center.  Not sure yet what the best approach is on the user
> LANs.

I wouldn't think that this is such a great idea. NAT64 (like its 
predecessor NAT44) is only really feasibly on the eyeballs/sink side of 
the network. On the content/source side of the network you will most 
likely need to be running dual stack for quite a while.

NAT64 in a data center is about the same as IPv6-only in a data center 
from the client application's perspective.

> The bulk of my traffic is transacted with relatively few networks so
> once those go v6, the remaining v4 traffic will be manageable with
> NAT64.  And it becomes much easier to do a one-time migration to v6 than
> to do a dual-stack migration and have to maintain two sets of
> everything.  Basically the traffic pattern is a huge amount of traffic
> with a handful of networks and the remaining 15% of the traffic
> scattered across the entire planet but it is repetitive so things like
> DNS caching provide good economy and shouldn't beat up the servers
> providing the DNS64 portion.

NAT64 is not that different from NAT44. You shouldn't be putting servers 
behind a NAT64 unless you are intending to make them unreachable on the 
IPv4 Internet.

The end goal is obviously IPv6-only but you probably don't want to drop 
the IPv4 side of your infrastructure until you have less than 1% of your 
traffic going via that protocol.

Graham Beneke

More information about the ipv6-ops mailing list