Using NAT64 in front of IPv6-only servers
gert at space.net
Thu Mar 31 20:14:12 CEST 2011
On Thu, Mar 31, 2011 at 07:51:31PM +0200, Tore Anderson wrote:
> My questions are:
> - Is anyone actually doing something like this already?
But it's similar to another approach we've been considering, which is
"only dual-stack the load-balancers in front of the server farm, and
single-stack the servers". Dual-stacking the whole platform doesn't
bring benefits but brings double work - as you said.
Using a NAT64 here could have the advantage of "not having to configure
the IPv4 addresses on the load balancers" - and being available for
applications that do not already have load balancers in front of them.
> - Is there any reason why this wouldn't work fine?
Since you're using the NAT64 in the "inverse direction", you're effectively
nullifying the benefits of "you get automatic mappings for everything you
want to reach" (as the IPv4 space can be embedded in the IPv6 /96) - so
it's "just" a destination-NAT that happens to be able to d-NAT into the
other address family, and source-NAT v4->v6 while at it.
But you'd still have to configure NAT mappings for every single application
(or at least for every single IPv6-address that you want to make visible)...
> - Are there any NAT64 implementations that could do this? (The ones
> I've looked at so far appear to be intended to be used in
> conjunction with DNS64 as a stateful CGN for IPv6-only clients.)
You need something that can configure static mappings in the other
direction. Dunno whether any of the NAT64s can do that, but I'd expect
this to show up over time - it will be needed.
did you enable IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
More information about the ipv6-ops