Using NAT64 in front of IPv6-only servers

Gert Doering gert at space.net
Tue Apr 5 10:00:01 CEST 2011


Hi,

On Tue, Apr 05, 2011 at 05:16:03AM +0200, Erik Kline wrote:
> > (Plus, it only needs to be in the packet path of ingress IPv4 packets
> > specifically destined to the web services, not in the packet path for
> > IPv6 clients, or "other IPv4 traffic")
> 
> Apart from NATing protocols that embed IP addresses, maybe pathMTU
> issues?  I don't think you can send an ICMPv4 packet to big when DF
> isn't set and expect the IPv4 client to be sensible about it.  

Indeed, there could be a problem if the IPv4 MTU is higher than the IPv6 
MTU on the path (actually it's more tricky than just "raw MTU", since a 
1500-byte-IPv4-TCP-packet would become larger than 1500 byte when moving 
over the TCP payload to an IPv6 packet).

OTOH the NAT46 would be positioned close to the server, and one could
run bigger-than-1500 links in the IPv6 part of the network.  

Or the IPv6 servers could advertise a smaller MSS.

But certainly something to keep in mind.

> All in all an altogether avoidable problem, I would expect.

"Not having to run dual-stack everywhere" (and get rid of IPv4 as far
as possible) sounds like a very reasonable goal to me.

Gert Doering
        -- NetMaster
-- 
did you enable IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 306 bytes
Desc: not available
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20110405/2297fa63/attachment.bin 


More information about the ipv6-ops mailing list