Using NAT64 in front of IPv6-only servers

Tore Anderson tore.anderson at redpill-linpro.com
Thu Mar 31 19:51:31 CEST 2011


Hi list,

I've been thinking a bit about how to go about deploying IPv6-only
applications in the data centre. I don't want to do dual-stack more
than necessary; after all, dual-stack means I have to do double work.

Setting up a new application on an IPv6-only server farm shouldn't be
difficult (provided that all the software supports it of course).
However, the public services would obviously need to be available from
the IPv4 internet as well, and I was thinking I could use something
like NAT64 (stateless, no DNS64) to do that. For example:

1) An IPv6-only HTTP server is listening on [2a02:c0::1]:80

2) I route 2a02:c0:64::/96 and 87.238.32.1/32 to a NAT64 device

3) I configure the NAT device to perform these translations:

   Inbound traffic from clients on the IPv4 internet:
     From: SRC=${IPv4-CLIENT}              DEST=87.238.32.1
     To:   SRC=2a02:c0:64::${IPV4-CLIENT}  DEST=2a02:c0::1
   Reply traffic:
     From: SRC=2a02:c0::1   DEST=2a02:c0:64::${IPV4-CLIENT}
     To:   SRC=87.238.32.1  DEST=${IPV4-CLIENT}

   Obviously the ${IPV4-CLIENT} <-> 2a02:c0:64::${IPV4-CLIENT}
   translations would have to done dynamically by the device.

4) Finally I publish the following information in DNS:

   www.example.com. IN A    87.238.32.1
   www.example.com. IN AAAA 2a02:c0::1

My questions are:

- Is anyone actually doing something like this already?
- Is there any reason why this wouldn't work fine?
- Are there any NAT64 implementations that could do this? (The ones
  I've looked at so far appear to be intended to be used in
  conjunction with DNS64 as a stateful CGN for IPv6-only clients.)

Best regards,
-- 
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com/
Tel: +47 21 54 41 27



More information about the ipv6-ops mailing list