Question Re: best practices

Austin Schutz tex at off.org
Mon May 9 19:52:30 CEST 2011


Tim Chown wrote:
> On 9 May 2011, at 17:38, Austin Schutz wrote:
> 
>> 
>> I'm curious about this having read a couple books about the IPv4 -> IPv6 transition. I would like to know what the current best practice is.
>> 
>> Given: A small set ipv6 only network running various protocols, call this the "IPv6 only server network", and a large legacy client IPv4 network, call this, say, "The Internet".
>> 
>> In this scenario the operator of the ipv6 network may not have the luxury of implementing dual stack on the legacy IPv4 network. Given that the methodology of providing access to this network via NA(P)T-PT has been obsoleted, what is the current best practice for solving this problem?
>> 
>> I'm not really interested in a philosophical sort of "what I think should happen" sort of debate, but rather a practical "this is what I have implemented in my network" or "this is how I would solve this issue given currently available equipment, software, and configuration techniques".
>> 
>> Answers involving proposed but not implemented drafts are interesting but not necessarily helpful.
>> 
> 
> Hi Austin,
> 
> Take a look at NAT64/DNS64 and associated protocols which have recently emerged as RFCs.  See RFC 6144, 6145, 6146 and 6147.
> 


Sure.

From RFC6144, which is the only one of those 4 to address the specific 
problem of IPv4 Internet -> IPv6 servers:

2.2.  Scenario 2: The IPv4 Internet to an IPv6 Network


    In general, this scenario presents a hard case for translation.
    Stateful translation such as NAT-PT [RFC2766] can be used in this
    scenario, but it requires a tightly coupled DNS Application Level
    Gateway (ALG) in the translator, and this technique was deprecated by
    the IETF [RFC4966].

    The stateless translation solution in Scenario 1 can also work in
    Scenario 2, since it can support IPv4-initiated communications with a
    subset of the IPv6 addresses (IPv4-translatable addresses) in an IPv6
    network.


From "Scenario 1":

    But, in addition, the
    hosts in the enterprise network are commercially available devices,
    personal computers with existing operating systems.  This restriction
    drives us to a "one box" type of solution, where IPv6 can be
    translated into IPv4 to reach the public Internet.



This sounds an awful lot like the "grab your ankles" black box solution 
presented in a different part of this thread. It certainly doesn't 
resemble anything like a NAT-PT/NAPT-PT actual specification.


> There is at least one implementation here, albeit on earlier versions: 
> http://ecdysis.viagenie.ca/
> 

I will check it out.

> You may of course find in some cases dual-stack ALGs can provide what you need.

.. such as?

Austin
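
Added example, not part of the original message: the RFC 6144 passage quoted above depends on "IPv4-translatable addresses", and this sketch shows the RFC 6052 algorithmic mapping between an IPv4 address and its IPv6 form for each permitted prefix length, which goes beyond the single scenario quoted. The prefixes and addresses are documentation values, and the function names are assumptions of this example.

```python
import ipaddress

# RFC 6052 section 2.2 permits only these prefix lengths. Bits 64..71 (the
# "u" octet, byte index 8) must stay zero, so the IPv4 bytes skip over it.
ALLOWED_LENGTHS = (32, 40, 48, 56, 64, 96)
U_OCTET = 8


def _checked_prefix(prefix):
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in ALLOWED_LENGTHS:
        raise ValueError(f"/{net.prefixlen} is not an RFC 6052 prefix length")
    return net


def embed_ipv4(prefix, ipv4):
    """Return the IPv6 address that represents `ipv4` under `prefix`."""
    net = _checked_prefix(prefix)
    out = bytearray(net.network_address.packed)
    pos = net.prefixlen // 8
    for byte in ipaddress.IPv4Address(ipv4).packed:
        if pos == U_OCTET:      # never write into the reserved octet
            pos += 1
        out[pos] = byte
        pos += 1
    return ipaddress.IPv6Address(bytes(out))


def extract_ipv4(prefix, ipv6):
    """Recover the IPv4 address embedded in `ipv6`, or raise ValueError."""
    net = _checked_prefix(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        raise ValueError(f"{addr} is outside translation prefix {net}")
    raw = addr.packed
    if raw[U_OCTET] != 0:
        raise ValueError("bits 64..71 must be zero")
    pos, v4 = net.prefixlen // 8, bytearray()
    while len(v4) < 4:
        if pos == U_OCTET:
            pos += 1
        v4.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(v4))


if __name__ == "__main__":
    # Constructed sample: documentation prefixes and address, not a real network.
    for p in ("2001:db8::/32", "2001:db8:122:344::/64", "2001:db8:122:344::/96"):
        v6 = embed_ipv4(p, "192.0.2.33")
        print(p, "->", v6, "->", extract_ipv4(p, v6))
```

An address that falls outside the translation prefix, or that carries a non-zero octet at bits 64..71, is rejected rather than translated.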




More information about the ipv6-ops mailing list