Just to make things clear as mud, NAT64 is a mechanism that does address
and protocol translation or NAT-PT, but it is probably best not to call
it that as "NAT-PT" was an old technique that was defined in an RFC and
was officially abandoned by the IETF. NAT64 is an externally similar
technique that is based on a new I-D and internally very different from
the old NAT-PT.

This is a source of some confusion to me.

NAT64 seems to make several (sensible) changes compared to NAT-PT:

1. DNS ALG is replaced by an external DNS64 server, and the DNS64
algorithm is DNSSEC-capable

2. As a result of 1. the NAT64 does not need to be in the default route,
and merely needs to have the NAT64 prefix routed to it

...but it's not obvious to me what *else* changed; the I-Ds are a bit...
well, incomprehensible (to me) is probably the only phrase I can use. If
you have any pointers to the differences, I'd be interested.

A bit of research turns up:

http://blog.ioshints.info/2010/06/is-nat64-subset-of-nat-pt.html

Broadly speaking, NAT64 mandates NAT behaviours that permit better NAT traversal and use of p2p apps (specifically RFC4787 and RFC5382).

It seems to me that, if your NAT-PT already had those behaviours, and didn't rely on the DNS ALG to open the NAT pinholes, it is basically NAT64?
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
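
Points 1 and 2 of the message above, as an added example that is not part of the original post: it assumes the RFC 6052 address format, in which the IPv4 destination is carried inside the synthesized IPv6 address, so an external DNS64 and a NAT64 need to share only the prefix. The function names are hypothetical and the sample address is a documentation value.

```python
import ipaddress

# RFC 6052 well-known prefix; an operator-chosen prefix of a permitted length also works.
WELL_KNOWN = ipaddress.IPv6Network("64:ff9b::/96")
PERMITTED_LENGTHS = (32, 40, 48, 56, 64, 96)

def _v4_byte_slots(prefix):
    """Byte offsets that hold the IPv4 address; byte 8 (bits 64-71) stays zero."""
    if prefix.prefixlen not in PERMITTED_LENGTHS:
        raise ValueError("RFC 6052 permits only /32, /40, /48, /56, /64 and /96")
    return [i for i in range(prefix.prefixlen // 8, 16) if i != 8][:4]

def embed(prefix, v4):
    """DNS64 side: build the IPv6 address that represents an IPv4 host."""
    out = bytearray(prefix.network_address.packed)
    for slot, octet in zip(_v4_byte_slots(prefix), ipaddress.IPv4Address(v4).packed):
        out[slot] = octet
    return ipaddress.IPv6Address(bytes(out))

def extract(prefix, v6):
    """NAT64 side: recover the IPv4 destination from the packet address alone."""
    v6 = ipaddress.IPv6Address(v6)
    if v6 not in prefix:
        return None  # outside the NAT64 prefix, so never routed to the translator
    return ipaddress.IPv4Address(bytes(v6.packed[s] for s in _v4_byte_slots(prefix)))

def dns64_answer(aaaa_records, a_records, prefix=WELL_KNOWN):
    """Pass real AAAA records through; synthesize only for IPv4-only names."""
    if aaaa_records:
        return [ipaddress.IPv6Address(r) for r in aaaa_records]
    return [embed(prefix, a) for a in a_records]

if __name__ == "__main__":
    # Constructed sample: an IPv4-only name resolving to a documentation address.
    for addr in dns64_answer([], ["192.0.2.33"]):
        print(addr, "->", extract(WELL_KNOWN, addr))
```

Because `extract` needs nothing but the prefix, the translator does not have to see the DNS exchange, which is why it can sit off the default route.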