Using NAT64 in front of IPv6-only servers

Gert Doering gert at
Thu Mar 31 20:14:12 CEST 2011


On Thu, Mar 31, 2011 at 07:51:31PM +0200, Tore Anderson wrote:
> My questions are:
> - Is anyone actually doing something like this already?

Not us.  

But it's similar to another approach we've been considering, which is 
"only dual-stack the load-balancers in front of the server farm, and 
single-stack the servers".  Dual-stacking the whole platform doesn't
bring benefits but brings double work - as you said.

Using a NAT64 here could have the advantage of "not having to configure
the IPv4 addresses on the load balancers" - and being available for 
applications that do not already have load balancers in front of them.

> - Is there any reason why this wouldn't work fine?

Since you're using the NAT64 in the "inverse direction", you're effectively
nullifying the benefits of "you get automatic mappings for everything you
want to reach" (as the IPv4 space can be embedded in the IPv6 /96) - so
it's "just" a destination-NAT that happens to be able to d-NAT into the
other address family, and source-NAT v4->v6 while at it.

But you'd still have to configure NAT mappings for every single application
(or at least for every single IPv6-address that you want to make visible)...

> - Are there any NAT64 implementations that could do this? (The ones
>   I've looked at so far appear to be intended to be used in
>   conjunction with DNS64 as a stateful CGN for IPv6-only clients.)

You need something that can configure static mappings in the other 
direction.  Dunno whether any of the NAT64s can do that, but I'd expect
this to show up over time - it will be needed.

did you enable IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

More information about the ipv6-ops mailing list