Feelings about NAT64/DNS64?

Cameron Byrne cb.list6 at gmail.com
Wed Dec 8 14:42:48 CET 2010

On Wed, Dec 8, 2010 at 5:09 AM, Graham Beneke <graham at neology.co.za> wrote:
> On 08/12/2010 09:37, George Bonser wrote:
>> I am leaning toward using NAT64/DNS64 as the primary migration strategy
>> in the data center.  Not sure yet what the best approach is on the user
>> LANs.
> I wouldn't think that this is such a great idea. NAT64 (like its predecessor
> NAT44) is only really feasibly on the eyeballs/sink side of the network. On
> the content/source side of the network you will most likely need to be
> running dual stack for quite a while.

I have seen many implementations of NAT64 in the data center.  In
fact. ipv6.t-mobile.com is NAT64.  It is very common for a service
that is IPv4-only today to put a load-balancer with an IPv6 VIP/VS
facing the IPv6 internet and have pool members that are IPv4-only

IPv6-Internet--->NAT64/Load Balancer---->IPv4-only legacy server.

IPv4-Internet-->Load Balancer ---> IPv4-only legacy server

I normally don't think of NAT64 like this, i too usually think about
NAT64 benefits for the eyeball networks, but this case in the data
center, which is a common IPv6 migration step, is also NAT from 6 to

The end result is a dual stack service made of what was once an
IPv4-only service.

I completely agree that content MUST be presented to the Internet as
dual-stack, but eyeballs will have no choice but to go IPv6-only as
IPv4 is simply not available.


> NAT64 in a data center is about the same as IPv6-only in a data center from
> the client application's perspective.
>> The bulk of my traffic is transacted with relatively few networks so
>> once those go v6, the remaining v4 traffic will be manageable with
>> NAT64.  And it becomes much easier to do a one-time migration to v6 than
>> to do a dual-stack migration and have to maintain two sets of
>> everything.  Basically the traffic pattern is a huge amount of traffic
>> with a handful of networks and the remaining 15% of the traffic
>> scattered across the entire planet but it is repetitive so things like
>> DNS caching provide good economy and shouldn't beat up the servers
>> providing the DNS64 portion.
> NAT64 is not that different from NAT44. You shouldn't be putting servers
> behind a NAT64 unless you are intending to make them unreachable on the IPv4
> Internet.
> The end goal is obviously IPv6-only but you probably don't want to drop the
> IPv4 side of your infrastructure until you have less than 1% of your traffic
> going via that protocol.
> --
> Graham Beneke

More information about the ipv6-ops mailing list