6to4 in Internet aaaa records

Tore Anderson tore at fud.no
Mon Oct 13 10:16:19 CEST 2014


* Nick Edwards

> Speaking of 6to4, can anyone recommend an understandable by non
> networking types, easy setup how-to?
> 
> Preferably with the entire thing on the one box (we have only one bit
> of software that does not understand ipv6, everything else does, so
> are not wanting a specific dedi router type config to remote ipv4
> boxes, the box is dual stack, we just need 6to4 to send ipv6 onto its
> ipv4 address - oh and before some bright spark says it, because we
> know someone will, no, the software can not be changed, it is a
> closed source binary, and they have no future plans to add ipv6 to it,
> and since it is a news server daemon, which has an enormous amount of
> spool storage, we are not looking to start it fresh with something
> else)
> 
> So any pointers to URLs appreciated.

You can use something called "Stateful NAT64", specified in RFC6146 and
available from many different equipment vendors.

You'll have to configure it with an IPv6 translation prefix that's
globally available (for example 2001:db8:64::/96), and an IPv4 source
address pool (can be RFC1918, as long as it's reachable from the news
server, so let's say 172.16.0.0/16 as an example).

Assuming your news server has an IPv4 IN A DNS record of
203.0.113.50, you should now add an IPv6 IN AAAA DNS record of
2001:db8:64::203.0.113.50, and things will Just Work. The news server
will see IPv6 clients as connecting from addresses within 172.16.0.0/16.

You'll also probably want to drop traffic to addresses in
2001:db8:64::/96 that do not correspond to your own IPv4 addresses that
you want made available through this system.

An alternative «one box» solution would be to run the news server binary
from an inetd implementation that supports IPv6.

Tore
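
Added example, not part of the original message: a Python sketch of the address mapping and the drop rule described above, using the prefix 2001:db8:64::/96 and the server address 203.0.113.50 from the message. The function names and the single-entry published set are assumptions made for illustration; the /96 layout (IPv4 address in the low 32 bits) follows RFC 6052.

```python
import ipaddress

# Values taken from the message; a real deployment substitutes its own.
NAT64_PREFIX = ipaddress.IPv6Network("2001:db8:64::/96")
PUBLISHED_V4 = {ipaddress.IPv4Address("203.0.113.50")}  # hosts exposed via NAT64


def synthesize(v4, prefix=NAT64_PREFIX):
    """Return the AAAA address for an IPv4 host: prefix + IPv4 in the low 32 bits."""
    if prefix.prefixlen != 96:
        raise ValueError("only the /96 layout is handled in this sketch")
    return ipaddress.IPv6Address(
        int(prefix.network_address) | int(ipaddress.IPv4Address(v4))
    )


def embedded_v4(v6, prefix=NAT64_PREFIX):
    """Return the IPv4 address embedded in v6, or None if v6 is outside the prefix."""
    v6 = ipaddress.IPv6Address(v6)
    if v6 not in prefix:
        return None
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


def verdict(dst, published=PUBLISHED_V4):
    """Classify a destination the way the filter in front of the translator should."""
    v4 = embedded_v4(dst)
    if v4 is None:
        return "not-nat64"          # ordinary IPv6 traffic, not our concern here
    return "translate" if v4 in published else "drop"


def allow_prefixes(published=PUBLISHED_V4):
    """The /128 destinations to permit ahead of a drop rule covering the whole /96."""
    return sorted(ipaddress.IPv6Network((synthesize(a), 128)) for a in published)


if __name__ == "__main__":
    print("AAAA record value:", synthesize("203.0.113.50"))
    for net in allow_prefixes():
        print("permit", net)
    print("deny  ", NAT64_PREFIX)
    # Constructed sample destinations, for illustration only.
    for dst in ("2001:db8:64::203.0.113.50", "2001:db8:64::10.0.0.1", "2001:db8:1::1"):
        print(dst, "->", verdict(dst))
```

Without the permit/deny pair, any IPv4 address reachable from the translator can be addressed from the IPv6 Internet through the /96.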

