RE: 'Upgrading' NAT64 to 464XLAT?
Dick 464XLAT is contained within a host, so, you will need an implementation for all your end host (laptop, tablets, ...) But, I am sure that you already know that ;-) -Original Message- From: ipv6-ops-bounces+evyncke=cisco@lists.cluenet.de [mailto:ipv6-ops-bounces+evyncke=cisco@lists.cluenet.de] On Behalf Of Dick Visser Sent: lundi 25 novembre 2013 14:20 To: ipv6-ops@lists.cluenet.de Subject: 'Upgrading' NAT64 to 464XLAT? hi guys We've been running a NAT64/DNS64 set-up for a while now on some parts of our office network. This seems to work well, but it doens't work for everything (e.g. Skype etc). If those apps were working, it would be possible to actually use if for production. I was reading about 464XLAT, and from what I understand, this is more or less NAT64, but with some sort of local (RFC1918) IPv4 in the mix. For phones this is done using a special daemon that provides a local IPv4 address. I'd like to 'upgrade' out existing NAT64/DNS64 setup to do 464XLAT, but there aren't many docs about how to set 464XLAT to begin with. I've seen https://sites.google.com/site/tmoipv6/464xlat, and I asked around here and there. A schema with actual addresses would be nice, but I can't find that. Since we have an office set-up with, I assume I should configure the IPv6-only VLAN so that RFC1918 addresses are handed out on it as well? What I don't understand, if a device gets an RFC1918 IPv4 address, and a global IPv6 address, how would it be possible that apps that support IPv6-only use the IPv6 path? I can imagine that some applications still prefer to take the IPv4 path? Thanks!! -- Dick Visser System Networking Engineer TERENA Secretariat Singel 468 D, 1017 AW Amsterdam The Netherlands
Re: 'Upgrading' NAT64 to 464XLAT?
Eric Vyncke (evyncke) evyn...@cisco.com writes: 464XLAT is contained within a host, so, you will need an implementation for all your end host (laptop, tablets, ...) I cannot see anything in RFC 6877 preventing a CLAT gateway serving more than one host. Bjørn
Re: 'Upgrading' NAT64 to 464XLAT?
Well, to be honest that wasn't even clear to me ;-) I just am reading up on the RFC and it looks like it doesn't have to be on the end host necessarily: http://tools.ietf.org/html/rfc6877#section-6.5 Time for me to read the rfcs in their entirety On 25 November 2013 15:22, Eric Vyncke (evyncke) evyn...@cisco.com wrote: Dick 464XLAT is contained within a host, so, you will need an implementation for all your end host (laptop, tablets, ...) But, I am sure that you already know that ;-) -Original Message- From: ipv6-ops-bounces+evyncke=cisco@lists.cluenet.de [mailto:ipv6-ops-bounces+evyncke=cisco@lists.cluenet.de] On Behalf Of Dick Visser Sent: lundi 25 novembre 2013 14:20 To: ipv6-ops@lists.cluenet.de Subject: 'Upgrading' NAT64 to 464XLAT? hi guys We've been running a NAT64/DNS64 set-up for a while now on some parts of our office network. This seems to work well, but it doens't work for everything (e.g. Skype etc). If those apps were working, it would be possible to actually use if for production. I was reading about 464XLAT, and from what I understand, this is more or less NAT64, but with some sort of local (RFC1918) IPv4 in the mix. For phones this is done using a special daemon that provides a local IPv4 address. I'd like to 'upgrade' out existing NAT64/DNS64 setup to do 464XLAT, but there aren't many docs about how to set 464XLAT to begin with. I've seen https://sites.google.com/site/tmoipv6/464xlat, and I asked around here and there. A schema with actual addresses would be nice, but I can't find that. Since we have an office set-up with, I assume I should configure the IPv6-only VLAN so that RFC1918 addresses are handed out on it as well? What I don't understand, if a device gets an RFC1918 IPv4 address, and a global IPv6 address, how would it be possible that apps that support IPv6-only use the IPv6 path? I can imagine that some applications still prefer to take the IPv4 path? Thanks!! -- Dick Visser System Networking Engineer TERENA Secretariat Singel 468 D, 1017 AW Amsterdam The Netherlands -- Dick Visser System Networking Engineer TERENA Secretariat Singel 468 D, 1017 AW Amsterdam The Netherlands
Re: 'Upgrading' NAT64 to 464XLAT?
On 11/25/2013 05:20 AM, Dick Visser wrote: We've been running a NAT64/DNS64 set-up for a while now on some parts of our office network. This seems to work well, but it doens't work for everything (e.g. Skype etc). When it was first being considered there was a non-zero number of us who made an initial effort to explain to the authors that DNS64 was a non-starter because there are always going to be IPv4 sites that hard-code IP addresses, and a non-trivial number of them are going to be critical sites for any given set of users. The authors chose to plunge ahead anyway, leaving us with yet another transition technology cure that is worse than the disease. Dual stack on the inside network is the only (effective) way to address this issue, even if it requires IPv4 NAT at the border. Doug
Re: 'Upgrading' NAT64 to 464XLAT?
* Dick Visser I just am reading up on the RFC and it looks like it doesn't have to be on the end host necessarily: http://tools.ietf.org/html/rfc6877#section-6.5 This is implemented in Android - its wireless hotspot feature works just fine using IPv6-only + 464XLAT as the upstream mobile connectivity. The hotspot zone remains IPv4-only though, which results in the amusing fact that when I'm accessing my own home page through the traffic is being subjected to NAT44646 (the final 46 happening in my data centres). Not that I'm complaining, it works just hunky-dory (NATs are good). Tore
Re: 'Upgrading' NAT64 to 464XLAT?
Tore Anderson t...@fud.no writes: * Dick Visser I just am reading up on the RFC and it looks like it doesn't have to be on the end host necessarily: http://tools.ietf.org/html/rfc6877#section-6.5 This is implemented in Android - its wireless hotspot feature works just fine using IPv6-only + 464XLAT as the upstream mobile connectivity. The hotspot zone remains IPv4-only though, Really? I have only tested on Android 4.2 (without the CLAT), but USB tethering with IPv6 seems to work fine. The phone sends RAs with it's allocated prefix. It's also sharing the DNS64 enabled DNS servers via DHCPv6, so DNS64/NAT64 works fine from the clients (of the phone). The only complaint I have about this IPv6 only setup is that the phone doesn't disable it's DHCPv4 server, so clients asking for an IPv4 address will get it. Which won't provide access to anything with the CLAT daemon... It's a minor issue though. This is of course going to work just with 464XLAT in place. Bjørn