NAT64 and DNS64 in 30 minutes
Ivan Pepelnjak (ip@nil.com), NIL Data Communications

IPv6 adoption theory: the “famous” S-curve
  [Figure: IPv6 adoption [%] over time [years]; annotations: “IPv6 pilots”, “Who cares about IPv4?”]

IPv6 adoption: the “ivory-tower” beliefs
  [Figure: IPv6 adoption [%] over time [years]; annotations: “IPv6 pilots”, “Ecstatic early adopters”, “IPv4 address exhaustion”, “Few years of dual-stack migration”, “Who cares about IPv4?”]

IPv6 adoption: the unpleasant reality
  [Figure: IPv6 adoption [%] over time [years]; annotations: “IPv6 pilots”, “Early adopters”, “NAT and RFC 1918”, “15 years wasted”, “IPv4 address exhaustion”, “IPv6-only clients?”]

Options
  Facts:
  • In 2 years some clients will not get public IPv4 addresses
  • These clients will have to reach IPv4 content
  Options:
  • CGN (large-scale NAT44)
  • NAT444 (CGN + CPE NAT44)
  • DS-Lite (NAT44 + 4-over-6 tunnel)
  • A+P (DS-Lite with preconfigured port ranges)
  • NAT64

NAT options: IPv4 only
  [Diagram: three paths to the IPv4 Internet, labelled NAT44, CGN/LSN NAT44 and CGN/LSN NAT444; element labels: CPE, RFC1918, IPv4, Provider Private IPv4, LSN]

NAT options: IPv6 + IPv4
  [Diagram: three paths to the IPv4 Internet, labelled DS-Lite, A+P and NAT64; element labels: CPE, B4, RFC1918, AFTR, IPv6, NAT64]

NAT is bad ... Is it really?
  Facts:
  • Any NAT is worse than end-to-end Internet
  • Dual NAT is worse than NAT (scrap NAT444)
  • NAT with ALG is really bad (scrap NAT-PT, see RFC 4966)
  • NAT is OK for outbound client-server sessions
  • NAT + STUN/TURN works for peer-to-peer sessions
  • We need some NAT to survive past IPv4 address exhaustion
  Personal opinion: NAT64 or DS-Lite/A+P are reasonable options

What went wrong with NAT-PT
  • NAT-PT (RFC 2766) = NAT64 + NAT46 + DNS ALG
      • Academic “we will bring world peace” approach
  • DS-Lite = NAT44 over IPv6
      • Well-known solution (and problems)
  • Large-scale NAT64 = limited scope
      • IPv6 client to IPv4 server
      • NAT46 is useless
  [Callout: “Who cares about IPv4?”]

NAT64 topology
  [Diagram labels: IPv4, IPv6, IPv6 + IPv4, DNS64, NAT64]
  • An IPv6 prefix (well-known or network-specific) is dedicated to mapped IPv4 addresses
  • DNS64 converts A records into AAAA records using the NAT64 prefix and serves A and AAAA records to the client
  • The NAT64 router advertises the NAT64 prefix into the IPv6 network to attract traffic toward IPv4 servers

DNS64 in action
  [Sequence diagram; messages in slide order]
  • Q: AAAA for example.com
  • Q: AAAA for example.com
  • R: name error
  • Q: A for example.com
  • R: example.com (A) = 192.0.2.33
  • DNS64 translation for WKP
  • R: example.com (AAAA) = 64:FF9B::192.0.2.33, example.com (A) = 192.0.2.33

DNS64 in action (end-to-end IPv6)
  [Sequence diagram; messages in slide order]
  • Q: AAAA for example.com
  • Q: AAAA for example.com
  • R: example.com (AAAA) = 64:FF9B::192.0.2.33
  • R: example.com (AAAA) = 64:FF9B::192.0.2.33
  • Native IPv6 communication w/o NAT64

NAT64 in action
  [Sequence diagram; messages in slide order]
  • TCP SYN S=C-v6 D=WKP-v6
  • Translate WKP-v6 into IPv4; pick free IPv4 addr/port from pool; build NAT session entry
  • TCP SYN S=NP-v4 D=S-v4
  • TCP ACK S=S-v4 D=NP-v4
  • Translate NP-v4 + port into C-v6
  • TCP ACK S=WKP-v6 D=C-v6
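
The stateful translation from the “NAT64 in action” slide as an added sketch, not code from the deck or from any NAT64 implementation. The class name, the pool address 198.51.100.1, the port list and the rule that inbound packets must match a recorded session are assumptions made for illustration.

```python
import ipaddress

WKP = ipaddress.IPv6Network("64:ff9b::/96")   # well-known prefix from the slides


class StatefulNat64:
    """Toy stateful NAT64 with one pool address (NP-v4) and per-binding ports."""

    def __init__(self, pool_addr, ports):
        self.pool_addr = ipaddress.IPv4Address(pool_addr)
        self.free_ports = list(ports)
        self.bib = {}          # (proto, C-v6, C-port) -> NP-v4 port
        self.rev = {}          # (proto, NP-v4 port)   -> (C-v6, C-port)
        self.sessions = set()  # (proto, NP-v4 port, S-v4, S-port)

    def outbound(self, proto, src6, sport, dst6, dport):
        """IPv6 -> IPv4: returns (NP-v4, NP port, S-v4, S-port) or None."""
        dst6 = ipaddress.IPv6Address(dst6)
        if dst6 not in WKP:
            return None                      # not addressed to the NAT64 prefix
        # With a /96 prefix the IPv4 address is the low 32 bits.
        dst4 = ipaddress.IPv4Address(int(dst6) & 0xFFFFFFFF)
        src = (proto, ipaddress.IPv6Address(src6), sport)
        if src not in self.bib:              # lookup on source IPv6 address + port
            if not self.free_ports:
                return None                  # pool exhausted, session refused
            port = self.free_ports.pop(0)
            self.bib[src] = port
            self.rev[(proto, port)] = (src[1], sport)
        np_port = self.bib[src]
        self.sessions.add((proto, np_port, dst4, dport))
        return (self.pool_addr, np_port, dst4, dport)

    def inbound(self, proto, src4, sport, dst4, dport):
        """IPv4 -> IPv6: only replies to a recorded session are translated."""
        src4 = ipaddress.IPv4Address(src4)
        if ipaddress.IPv4Address(dst4) != self.pool_addr:
            return None
        if (proto, dport, src4, sport) not in self.sessions:
            return None                      # unsolicited packet: there is no NAT46
        c6, cport = self.rev[(proto, dport)]
        src6 = ipaddress.IPv6Address(int(WKP.network_address) | int(src4))
        return (src6, sport, c6, cport)


def slide_exchange():
    """Replay the SYN and the returning ACK from the slide (constructed addresses)."""
    nat = StatefulNat64("198.51.100.1", [1024, 1025])
    syn = nat.outbound("tcp", "2001:db8:cafe::10", 40000, "64:ff9b::192.0.2.33", 80)
    ack = nat.inbound("tcp", "192.0.2.33", 80, "198.51.100.1", 1024)
    return syn, ack


if __name__ == "__main__":
    for step in slide_exchange():
        print(tuple(str(field) for field in step))
```

The session table is the only place where the IPv6 client and the IPv4 address/port seen by the server are tied together, so it is also what has to be logged if traffic leaving the pool address must later be attributed to a client.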

NAT64: dirty details
  NAT64 prefix
  • Any /32, /40, /48, /56, /64 or /96 prefix
  • WKP = 64:FF9B::/96
  • Recommendation: use /64 for NSP
  Stateful NAT64
  • Very similar to PAT (stateful NAT44)
  • Individual TCP and UDP sessions + ICMP replies are translated
  • Source IPv6 address + port number used in lookup
  Stateless NAT64
  • Each IPv6 address is translated into one IPv4 address
  • Only ICMP packets and IP headers are translated
  • Limited use: IPv6-only servers
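
The address mapping behind the “DNS64 in action” and “NAT64: dirty details” slides, as an added example that is not part of the original deck. The byte layout for each prefix length follows RFC 6052 (the slides list only the lengths); the zone, the flow records and the function names are constructed for illustration.

```python
import ipaddress

WKP = "64:ff9b::/96"                       # well-known prefix from the slides
ALLOWED_LENGTHS = (32, 40, 48, 56, 64, 96)  # prefix lengths listed on the slide


def _nat64_net(prefix):
    net = ipaddress.IPv6Network(str(prefix))
    if net.prefixlen not in ALLOWED_LENGTHS:
        raise ValueError(f"unsupported NAT64 prefix length /{net.prefixlen}")
    if net.network_address.packed[8] != 0:
        raise ValueError("bits 64-71 of a NAT64 prefix must be zero")
    return net


def embed(ipv4, prefix=WKP):
    """Map an IPv4 address into a NAT64 prefix (RFC 6052 layout)."""
    net = _nat64_net(prefix)
    out = bytearray(net.network_address.packed)
    pos = net.prefixlen // 8
    for octet in ipaddress.IPv4Address(str(ipv4)).packed:
        if pos == 8:            # byte 8 (bits 64-71) is reserved and stays zero
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))


def extract(ipv6, prefix=WKP):
    """Recover the embedded IPv4 address, or None if ipv6 is outside the prefix."""
    net = _nat64_net(prefix)
    addr = ipaddress.IPv6Address(str(ipv6))
    if addr not in net:
        return None
    raw, pos, octets = addr.packed, net.prefixlen // 8, bytearray()
    while len(octets) < 4:
        if pos == 8:
            pos += 1
        octets.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(octets))


# Constructed stand-in for the upstream DNS data the DNS64 server would query.
ZONE = {
    "example.com": {"A": ["192.0.2.33"]},
    "dual.example.net": {"A": ["192.0.2.80"], "AAAA": ["2001:db8:beef::80"]},
}


def dns64_aaaa(name, zone=ZONE, prefix=WKP):
    """Answer an AAAA query: pass native AAAA through, else synthesize from A.

    Returns (answers, synthesized)."""
    records = zone.get(name, {})
    native = [ipaddress.IPv6Address(a) for a in records.get("AAAA", [])]
    if native:
        return native, False    # end-to-end IPv6, NAT64 is not involved
    answers = [embed(a, prefix) for a in records.get("A", [])]
    return answers, bool(answers)


# Constructed flow-log destinations as seen on the IPv6 side of the NAT64.
FLOWS = ["64:ff9b::c000:221", "2001:db8:beef::80"]


def decode_flows(flows=FLOWS, prefix=WKP):
    """Pair each IPv6 destination with the IPv4 server it really reaches."""
    result = []
    for dst in flows:
        v4 = extract(dst, prefix)
        result.append((dst, str(v4) if v4 is not None else None))
    return result


if __name__ == "__main__":
    print(dns64_aaaa("example.com"))
    print(decode_flows())
```

Filters and log correlation on the IPv6 side see only the synthesized address, so `extract` is the step that lets an IPv4 block list or an IPv4 indicator be matched against traffic that crosses the translator.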

NAT64 versus DS-Lite
  NAT64
  • IPv6 to IPv4 NAT
  • Native transport
  • DNS64 = DNS ALG
  • No CPE or network modifications
  • IPv6-only hosts
  • NAT64 largely unknown
  DS-Lite
  • IPv4 to IPv4 NAT
  • 4over6 tunnel
  • No DNS(SEC) interaction
  • Requires CPE support
  • Does not need host IPv6 (not even dual-stack)
  • NAT44 well tested

NAT64 in enterprise networks
  [Diagram labels: IPv6, IPv6 + IPv4]
  NSP = 2002:FF9B::/96
  www.example.com    A       192.0.2.33
                     AAAA    2002:FF9B::192.0.2.33
  • Use NAT64 to make IPv4-only servers available to IPv6 clients
  • Static entries in DNS zone; DNS64 is not needed

Implementations
  • Open-source: Ecdysis
  • Microsoft: Forefront UAG DirectAccess
  • Cisco: CGv6
  • Ericsson: field trials
  • NAT64 is also (sort-of) part of NAT-PT

Conclusions
  • We are not prepared for IPv4 address exhaustion
  • We will not survive without NAT
  • Best options: NAT64 or DS-Lite/A+P
  • Push NAT64 – it promotes IPv6 clients
  • NAT64 is not NAT-PT
      • 6-to-4 only
      • DNS ALG not in the forwarding path
  • NAT64 also solves legacy server problems