Feelings about NAT64/DNS64?

Eric Vyncke (evyncke) evyncke at cisco.com
Wed Dec 8 14:59:43 CET 2010


And doing it in the load-balancer allows to insert a X-Forwarded-For: HTTP header with the original IPv6 address in case the web apps want to get/process the real IPv6 address

-éric


> -----Original Message-----
> From: ipv6-ops-bounces+evyncke=cisco.com at lists.cluenet.de [mailto:ipv6-ops-
> bounces+evyncke=cisco.com at lists.cluenet.de] On Behalf Of Cameron Byrne
> Sent: mercredi 8 décembre 2010 14:43
> To: Graham Beneke
> Cc: ipv6-ops at lists.cluenet.de
> Subject: Re: Feelings about NAT64/DNS64?
> 
> On Wed, Dec 8, 2010 at 5:09 AM, Graham Beneke <graham at neology.co.za> wrote:
> > On 08/12/2010 09:37, George Bonser wrote:
> >>
> >> I am leaning toward using NAT64/DNS64 as the primary migration strategy
> >> in the data center.  Not sure yet what the best approach is on the user
> >> LANs.
> >
> > I wouldn't think that this is such a great idea. NAT64 (like its
> predecessor
> > NAT44) is only really feasibly on the eyeballs/sink side of the network. On
> > the content/source side of the network you will most likely need to be
> > running dual stack for quite a while.
> >
> 
> I have seen many implementations of NAT64 in the data center.  In
> fact. ipv6.t-mobile.com is NAT64.  It is very common for a service
> that is IPv4-only today to put a load-balancer with an IPv6 VIP/VS
> facing the IPv6 internet and have pool members that are IPv4-only
> 
> IPv6-Internet--->NAT64/Load Balancer---->IPv4-only legacy server.
> 
> 
> IPv4-Internet-->Load Balancer ---> IPv4-only legacy server
> 
> I normally don't think of NAT64 like this, i too usually think about
> NAT64 benefits for the eyeball networks, but this case in the data
> center, which is a common IPv6 migration step, is also NAT from 6 to
> 4.
> 
> The end result is a dual stack service made of what was once an
> IPv4-only service.
> 
> I completely agree that content MUST be presented to the Internet as
> dual-stack, but eyeballs will have no choice but to go IPv6-only as
> IPv4 is simply not available.
> 
> Cameron
> 
> 
> > NAT64 in a data center is about the same as IPv6-only in a data center from
> > the client application's perspective.
> >
> >> The bulk of my traffic is transacted with relatively few networks so
> >> once those go v6, the remaining v4 traffic will be manageable with
> >> NAT64.  And it becomes much easier to do a one-time migration to v6 than
> >> to do a dual-stack migration and have to maintain two sets of
> >> everything.  Basically the traffic pattern is a huge amount of traffic
> >> with a handful of networks and the remaining 15% of the traffic
> >> scattered across the entire planet but it is repetitive so things like
> >> DNS caching provide good economy and shouldn't beat up the servers
> >> providing the DNS64 portion.
> >
> > NAT64 is not that different from NAT44. You shouldn't be putting servers
> > behind a NAT64 unless you are intending to make them unreachable on the
> IPv4
> > Internet.
> >
> > The end goal is obviously IPv6-only but you probably don't want to drop the
> > IPv4 side of your infrastructure until you have less than 1% of your
> traffic
> > going via that protocol.
> >
> > --
> > Graham Beneke
> >



More information about the ipv6-ops mailing list