SlideShare a Scribd company logo

NAT64 and DNS64 in 30 minutes

I
Ivan Pepelnjak

The presentation describes NAT solutions addressing the imminent IPv4 address exhaustion and some details of NAT64/DNS64 solution.

Technology
1 of 19
NAT64 and DNS64 in 30 seconds minutes Ivan Pepelnjak (ip@nil.com)NIL Data Communications
IPv6 adoption theory: the “famous” S-curve Who caresabout IPv4? IPv6 adoption [%] IPv6 pilots Time [years]
IPv6 adoption: the “ivory-tower” beliefs Who caresabout IPv4? IPv6 adoption [%] IPv6 pilots Time [years] Ecstatic earlyadopters Few years of dual-stack migration IPv4 addressexhaustion
IPv6 adoption: the unpleasant reality IPv6 adoption [%] IPv6-onlyclients? NAT and RFC 1918 IPv6 pilots Time [years] Early adopters 15 yearswasted IPv4 addressexhaustion
Options Facts: In 2 years some clients will not get public IPv4 addresses These clients will have to reach IPv4 content Options: CGN (large-scale NAT44) NAT444 (CGN + CPE NAT44) DS-Lite (NAT44 + 4-over-6 tunnel) A+P (DS-Lite with preconfigured port ranges) NAT64
NAT options: IPv4 only CPE CPE RFC1918 NAT44 IPv4 ProviderPrivate IPv4 Internet IPv4 Internet IPv4 Internet CGN/LSN NAT44 IPv4 RFC1918 LSN CGN/LSN NAT444 RFC1918 LSN
NAT options: IPv6 + IPv4 CPE B4 CPE DS-Lite RFC1918 AFTR IPv4 Internet IPv4 Internet IPv4 Internet IPv6 IPv6 IPv6 A+P RFC1918 AFTR NAT 64 NAT64
NAT is bad ... Is it really? Facts: Any NAT is worse than end-to-end Internet Dual NAT is worse than NAT (scrap NAT444) NAT with ALG is really bad (scrap NAT-PT, see RFC 4966) NAT is OK for outbound client-server sessions NAT + STUN/TURN works for peer-to-peer sessions We need some NAT to survive past IPv4 address exhaustion Personal opinion: NAT64 or DS-Lite/A+P are reasonable options
NAT-PT (RFC 2766) = NAT64 + NAT46 + DNS ALG Academic “we will bring world peace” approach DS-Lite = NAT44 over IPv6 Well-known solution (and problems) Large-scale NAT64 = limited scope IPv6 client to IPv4 server NAT46 is useless What went wrong with NAT-PT Who caresabout IPv4?
IPv4 IPv6 NAT64 topology DNS64 IPv6 + IPv4 NAT64 An IPv6 prefix (well-known or network-specific) is dedicated to mapped IPv4 addresses DNS64 converts A records into AAAA records using NAT64 prefix, serves A and AAAA records to the client NAT64 router advertises NAT64 prefix into IPv6 network to attract traffic toward IPv4 servers
DNS64 in action Q: AAAA for example.com Q: AAAA for example.com R: name error Q: A for example.com R: example.com (A) = 192.0.2.33 DNS64 translation for WKP R: example.com (AAAA)= 64:FF9B::192.0.2.33example.com (A) = 192.0.2.33
DNS64 in action (end-to-end IPv6) Q: AAAA for example.com Q: AAAA for example.com R: example.com (AAAA)= 64:FF9B::192.0.2.33 R: example.com (AAAA)= 64:FF9B::192.0.2.33 Native IPv6 communication w/o NAT64
NAT64 in action TCP SYN S=C-v6 D=WKP-v6 Translate WKP-v6 into IPv4Pick free IPv4 addr/port from poolBuild NAT session entry TCP SYN S=NP-v4 D=S-v4 TCP ACK S=S-v4 D=NP-v4 Translate NP-v4 + port into C-v6 TCP ACK S=WKP-v6 D=C-v6
NAT64: dirty details NAT64 prefix Any /32, /40, /48, /56, /64 or /96 prefix WKP = 64:FF9B::/96 Recommendation: use /64 for NSP Stateful NAT64 Very similar to PAT (stateful NAT44) Individual TCP and UDP sessions + ICMP replies are translated Source IPv6 address + port number used in lookup Stateless NAT64 Each IPv6 address is translated into one IPv4 address Only ICMP packets and IP headers are translated Limited use: IPv6 only servers
NAT64 versus DS-Lite NAT64 IPv6 to IPv4 NAT Native transport DNS 64 = DNS ALG No CPE or network modifications IPv6-only hosts NAT64 largely unknown DS-Lite IPv4 to IPv4 NAT 4over6 Tunnel No DNS(SEC) interaction Requires CPE support Does not need host IPv6(not even dual-stack) NAT44 well tested
NAT64 in enterprise networks NSP = 2002:FF9B::/96 IPv6 IPv6 + IPv4 www.example.com A 192.0.2.33 AAAA 2002:FF9B::192.0.2.33 Use NAT64 to make IPv4-only servers available to IPv6 clients Static entries in DNZ zone; DNS64 is not needed
Implementations Open-source:Ecdysis Microsoft: Forefront UAG DirectAccess Cisco:CGv6 Ericsson: field trials NAT64 is also (sort-of) part of NAT-PT
Conclusions We are not prepared for IPv4 address exhaustion We will not survive without NAT Best options: NAT64 or DS-Lite/A+P Push NAT64 – it promotes IPv6 clients NAT64 is not NAT-PT 6-to-4 only DNS ALG not in the forwarding path NAT64 also solves legacy server problems
NAT64 and DNS64 in 30 minutes

Recommended

464XLAT Tutorial
464XLAT Tutorial464XLAT Tutorial
464XLAT TutorialAPNIC
 
BGP Flowspec (RFC5575) Case study and Discussion
BGP Flowspec (RFC5575) Case study and DiscussionBGP Flowspec (RFC5575) Case study and Discussion
BGP Flowspec (RFC5575) Case study and DiscussionAPNIC
 
IPv6 Address Planning
IPv6 Address PlanningIPv6 Address Planning
IPv6 Address PlanningAPNIC
 
6Rd
6Rd6Rd
6RdFred Bovy
 
Troubleshooting BGP
Troubleshooting BGPTroubleshooting BGP
Troubleshooting BGPAPNIC
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec APNIC
 
IPv6 Fundamentals
IPv6 FundamentalsIPv6 Fundamentals
IPv6 FundamentalsMatt Bynum
 
PLNOG 9: Krzysztof Mazepa - Dostęp szerokopasmowy IPv6
PLNOG 9: Krzysztof Mazepa - Dostęp szerokopasmowy IPv6PLNOG 9: Krzysztof Mazepa - Dostęp szerokopasmowy IPv6
PLNOG 9: Krzysztof Mazepa - Dostęp szerokopasmowy IPv6PROIDEA
 

Recommended

464XLAT Tutorial
464XLAT Tutorial464XLAT Tutorial
464XLAT TutorialAPNIC
 
BGP Flowspec (RFC5575) Case study and Discussion
BGP Flowspec (RFC5575) Case study and DiscussionBGP Flowspec (RFC5575) Case study and Discussion
BGP Flowspec (RFC5575) Case study and DiscussionAPNIC
 
IPv6 Address Planning
IPv6 Address PlanningIPv6 Address Planning
IPv6 Address PlanningAPNIC
 
6Rd
6Rd6Rd
6RdFred Bovy
 
Troubleshooting BGP
Troubleshooting BGPTroubleshooting BGP
Troubleshooting BGPAPNIC
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec APNIC
 
IPv6 Fundamentals
IPv6 FundamentalsIPv6 Fundamentals
IPv6 FundamentalsMatt Bynum
 
PLNOG 9: Krzysztof Mazepa - Dostęp szerokopasmowy IPv6
PLNOG 9: Krzysztof Mazepa - Dostęp szerokopasmowy IPv6PLNOG 9: Krzysztof Mazepa - Dostęp szerokopasmowy IPv6
PLNOG 9: Krzysztof Mazepa - Dostęp szerokopasmowy IPv6PROIDEA
 
L2 tp
L2 tpL2 tp
L2 tpRamya Chowdary
 
Bgp tutorial for ISP
Bgp tutorial for ISPBgp tutorial for ISP
Bgp tutorial for ISPWahyu Nasution
 
GTP Overview
GTP OverviewGTP Overview
GTP Overviewaliirfan04
 
Segment Routing
Segment RoutingSegment Routing
Segment RoutingAPNIC
 
IPv4aaS tutorial and hands-on
IPv4aaS tutorial and hands-onIPv4aaS tutorial and hands-on
IPv4aaS tutorial and hands-onAPNIC
 
Bgp
BgpBgp
BgpFebrian ‎
 
CCNA
CCNACCNA
CCNAAbhishek Parihari
 
BGP on mikrotik
BGP on mikrotikBGP on mikrotik
BGP on mikrotikAchmad Mardiansyah
 
rtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and Beyondrtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and BeyondAndreas Granig
 
BGP (border gateway routing protocol)
BGP (border gateway routing protocol)BGP (border gateway routing protocol)
BGP (border gateway routing protocol)Netwax Lab
 
IPv6 Overview
IPv6 OverviewIPv6 Overview
IPv6 OverviewWilliam Lee
 
rtpengine and kamailio - or how to simulate calls at scale
rtpengine and kamailio - or how to simulate calls at scalertpengine and kamailio - or how to simulate calls at scale
rtpengine and kamailio - or how to simulate calls at scaleAndreas Granig
 
Waris l2vpn-tutorial
Waris l2vpn-tutorialWaris l2vpn-tutorial
Waris l2vpn-tutorialrakiva29
 
MPLS Lecture1(H)-102020.pdf
MPLS Lecture1(H)-102020.pdfMPLS Lecture1(H)-102020.pdf
MPLS Lecture1(H)-102020.pdfMulugetaTsehay1
 
Ipv6協定與原理
Ipv6協定與原理Ipv6協定與原理
Ipv6協定與原理dpodp
 
3GPP_Overall_Architecture_and_Specifications.pdf
3GPP_Overall_Architecture_and_Specifications.pdf3GPP_Overall_Architecture_and_Specifications.pdf
3GPP_Overall_Architecture_and_Specifications.pdfAbubakar416712
 
GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)Netwax Lab
 
BGP Techniques for Network Operators
BGP Techniques for Network OperatorsBGP Techniques for Network Operators
BGP Techniques for Network OperatorsAPNIC
 
IPV4 vs IPV6
IPV4 vs IPV6IPV4 vs IPV6
IPV4 vs IPV6Devang Doshi
 
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLI
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLICCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLI
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLIHoàng Hải Nguyễn
 
IPv6 Transition Strategies
IPv6 Transition StrategiesIPv6 Transition Strategies
IPv6 Transition StrategiesAPNIC
 
IPv6 Transition Techniques
IPv6 Transition TechniquesIPv6 Transition Techniques
IPv6 Transition TechniquesAPNIC
 

More Related Content

What's hot

Segment Routing
Segment RoutingSegment Routing
Segment RoutingAPNIC
 
IPv4aaS tutorial and hands-on
IPv4aaS tutorial and hands-onIPv4aaS tutorial and hands-on
IPv4aaS tutorial and hands-onAPNIC
 
rtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and Beyondrtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and BeyondAndreas Granig
 
BGP (border gateway routing protocol)
BGP (border gateway routing protocol)BGP (border gateway routing protocol)
BGP (border gateway routing protocol)Netwax Lab
 
rtpengine and kamailio - or how to simulate calls at scale
rtpengine and kamailio - or how to simulate calls at scalertpengine and kamailio - or how to simulate calls at scale
rtpengine and kamailio - or how to simulate calls at scaleAndreas Granig
 
Waris l2vpn-tutorial
Waris l2vpn-tutorialWaris l2vpn-tutorial
Waris l2vpn-tutorialrakiva29
 
MPLS Lecture1(H)-102020.pdf
MPLS Lecture1(H)-102020.pdfMPLS Lecture1(H)-102020.pdf
MPLS Lecture1(H)-102020.pdfMulugetaTsehay1
 
Ipv6協定與原理
Ipv6協定與原理Ipv6協定與原理
Ipv6協定與原理dpodp
 
3GPP_Overall_Architecture_and_Specifications.pdf
3GPP_Overall_Architecture_and_Specifications.pdf3GPP_Overall_Architecture_and_Specifications.pdf
3GPP_Overall_Architecture_and_Specifications.pdfAbubakar416712
 
GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)Netwax Lab
 
BGP Techniques for Network Operators
BGP Techniques for Network OperatorsBGP Techniques for Network Operators
BGP Techniques for Network OperatorsAPNIC
 
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLI
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLICCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLI
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLIHoàng Hải Nguyễn
 

What's hot (20)

L2 tp
L2 tpL2 tp
L2 tp
 
Bgp tutorial for ISP
Bgp tutorial for ISPBgp tutorial for ISP
Bgp tutorial for ISP
 
GTP Overview
GTP OverviewGTP Overview
GTP Overview
 
Segment Routing
Segment RoutingSegment Routing
Segment Routing
 
IPv4aaS tutorial and hands-on
IPv4aaS tutorial and hands-onIPv4aaS tutorial and hands-on
IPv4aaS tutorial and hands-on
 
Bgp
BgpBgp
Bgp
 
CCNA
CCNACCNA
CCNA
 
BGP on mikrotik
BGP on mikrotikBGP on mikrotik
BGP on mikrotik
 
rtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and Beyondrtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and Beyond
 
BGP (border gateway routing protocol)
BGP (border gateway routing protocol)BGP (border gateway routing protocol)
BGP (border gateway routing protocol)
 
IPv6 Overview
IPv6 OverviewIPv6 Overview
IPv6 Overview
 
rtpengine and kamailio - or how to simulate calls at scale
rtpengine and kamailio - or how to simulate calls at scalertpengine and kamailio - or how to simulate calls at scale
rtpengine and kamailio - or how to simulate calls at scale
 
Waris l2vpn-tutorial
Waris l2vpn-tutorialWaris l2vpn-tutorial
Waris l2vpn-tutorial
 
MPLS Lecture1(H)-102020.pdf
MPLS Lecture1(H)-102020.pdfMPLS Lecture1(H)-102020.pdf
MPLS Lecture1(H)-102020.pdf
 
Ipv6協定與原理
Ipv6協定與原理Ipv6協定與原理
Ipv6協定與原理
 
3GPP_Overall_Architecture_and_Specifications.pdf
3GPP_Overall_Architecture_and_Specifications.pdf3GPP_Overall_Architecture_and_Specifications.pdf
3GPP_Overall_Architecture_and_Specifications.pdf
 
GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)
 
BGP Techniques for Network Operators
BGP Techniques for Network OperatorsBGP Techniques for Network Operators
BGP Techniques for Network Operators
 
IPV4 vs IPV6
IPV4 vs IPV6IPV4 vs IPV6
IPV4 vs IPV6
 
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLI
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLICCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLI
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLI
 

Similar to NAT64 and DNS64 in 30 minutes

IPv6 Transition Strategies
IPv6 Transition StrategiesIPv6 Transition Strategies
IPv6 Transition StrategiesAPNIC
 
IPv6 Transition Techniques
IPv6 Transition TechniquesIPv6 Transition Techniques
IPv6 Transition TechniquesAPNIC
 
IPV6 by Philip Smith
IPV6 by Philip SmithIPV6 by Philip Smith
IPV6 by Philip SmithMyNOG
 
IPv6 in Cellular Networks
IPv6 in Cellular NetworksIPv6 in Cellular Networks
IPv6 in Cellular NetworksAPNIC
 
Deploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack EnvironmentsDeploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack EnvironmentsShannon McFarland
 
Getting started with IPv6
Getting started with IPv6Getting started with IPv6
Getting started with IPv6Private
 
Get Ready For Ipv6
Get Ready For Ipv6Get Ready For Ipv6
Get Ready For Ipv6Rishu Mehra
 
Get Ready For Ipv6
Get Ready For Ipv6Get Ready For Ipv6
Get Ready For Ipv6technext1
 
Robert Raszuk - Technologies for IPv4/IPv6 coexistance
Robert Raszuk - Technologies for IPv4/IPv6 coexistanceRobert Raszuk - Technologies for IPv4/IPv6 coexistance
Robert Raszuk - Technologies for IPv4/IPv6 coexistancePROIDEA
 
Upcoming internet challenges
Upcoming internet challengesUpcoming internet challenges
Upcoming internet challengesIvan Pepelnjak
 
SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te...
SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te...SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te...
SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te...Louis Göhl
 
IPv6 Transition Strategies Tutorial, by Philip Smith [APNIC 38]
IPv6 Transition Strategies Tutorial, by Philip Smith [APNIC 38]IPv6 Transition Strategies Tutorial, by Philip Smith [APNIC 38]
IPv6 Transition Strategies Tutorial, by Philip Smith [APNIC 38]APNIC
 
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introductionCodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introductionCodiLime
 
Dan York - Presentation at Emerging Communications Conference & Awards (eComm...
Dan York - Presentation at Emerging Communications Conference & Awards (eComm...Dan York - Presentation at Emerging Communications Conference & Awards (eComm...
Dan York - Presentation at Emerging Communications Conference & Awards (eComm...eCommConf
 
APNIC Update
APNIC Update APNIC Update
APNIC Update APNIC
 
Operational Experience of MAP-E
Operational Experience of MAP-EOperational Experience of MAP-E
Operational Experience of MAP-EAkira Nakagawa
 
IDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsIDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsAPNIC
 
IPv6 deployment architecture for broadband access networks
IPv6 deployment architecture for broadband access networksIPv6 deployment architecture for broadband access networks
IPv6 deployment architecture for broadband access networksAPNIC
 

Similar to NAT64 and DNS64 in 30 minutes (20)

IPv6 Transition Strategies
IPv6 Transition StrategiesIPv6 Transition Strategies
IPv6 Transition Strategies
 
IPv6 Transition Techniques
IPv6 Transition TechniquesIPv6 Transition Techniques
IPv6 Transition Techniques
 
IPV6 by Philip Smith
IPV6 by Philip SmithIPV6 by Philip Smith
IPV6 by Philip Smith
 
IPv6 in Cellular Networks
IPv6 in Cellular NetworksIPv6 in Cellular Networks
IPv6 in Cellular Networks
 
Deploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack EnvironmentsDeploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack Environments
 
Getting started with IPv6
Getting started with IPv6Getting started with IPv6
Getting started with IPv6
 
Get Ready For Ipv6
Get Ready For Ipv6Get Ready For Ipv6
Get Ready For Ipv6
 
Get Ready For Ipv6
Get Ready For Ipv6Get Ready For Ipv6
Get Ready For Ipv6
 
Robert Raszuk - Technologies for IPv4/IPv6 coexistance
Robert Raszuk - Technologies for IPv4/IPv6 coexistanceRobert Raszuk - Technologies for IPv4/IPv6 coexistance
Robert Raszuk - Technologies for IPv4/IPv6 coexistance
 
Upcoming internet challenges
Upcoming internet challengesUpcoming internet challenges
Upcoming internet challenges
 
Ipv6
Ipv6Ipv6
Ipv6
 
SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te...
SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te...SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te...
SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te...
 
IPv6 Transition Strategies Tutorial, by Philip Smith [APNIC 38]
IPv6 Transition Strategies Tutorial, by Philip Smith [APNIC 38]IPv6 Transition Strategies Tutorial, by Philip Smith [APNIC 38]
IPv6 Transition Strategies Tutorial, by Philip Smith [APNIC 38]
 
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introductionCodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction
 
Dan York - Presentation at Emerging Communications Conference & Awards (eComm...
Dan York - Presentation at Emerging Communications Conference & Awards (eComm...Dan York - Presentation at Emerging Communications Conference & Awards (eComm...
Dan York - Presentation at Emerging Communications Conference & Awards (eComm...
 
APNIC Update
APNIC Update APNIC Update
APNIC Update
 
Day 20.i pv6 lab
Day 20.i pv6 labDay 20.i pv6 lab
Day 20.i pv6 lab
 
Operational Experience of MAP-E
Operational Experience of MAP-EOperational Experience of MAP-E
Operational Experience of MAP-E
 
IDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsIDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerations
 
IPv6 deployment architecture for broadband access networks
IPv6 deployment architecture for broadband access networksIPv6 deployment architecture for broadband access networks
IPv6 deployment architecture for broadband access networks
 

Recently uploaded

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 

Recently uploaded (20)

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 

NAT64 and DNS64 in 30 minutes

  • 1. NAT64 and DNS64 in 30 seconds minutes Ivan Pepelnjak (ip@nil.com)NIL Data Communications
  • 2. IPv6 adoption theory: the “famous” S-curve Who caresabout IPv4? IPv6 adoption [%] IPv6 pilots Time [years]
  • 3. IPv6 adoption: the “ivory-tower” beliefs Who caresabout IPv4? IPv6 adoption [%] IPv6 pilots Time [years] Ecstatic earlyadopters Few years of dual-stack migration IPv4 addressexhaustion
  • 4. IPv6 adoption: the unpleasant reality IPv6 adoption [%] IPv6-onlyclients? NAT and RFC 1918 IPv6 pilots Time [years] Early adopters 15 yearswasted IPv4 addressexhaustion
  • 5. Options Facts: In 2 years some clients will not get public IPv4 addresses These clients will have to reach IPv4 content Options: CGN (large-scale NAT44) NAT444 (CGN + CPE NAT44) DS-Lite (NAT44 + 4-over-6 tunnel) A+P (DS-Lite with preconfigured port ranges) NAT64
  • 6. NAT options: IPv4 only CPE CPE RFC1918 NAT44 IPv4 ProviderPrivate IPv4 Internet IPv4 Internet IPv4 Internet CGN/LSN NAT44 IPv4 RFC1918 LSN CGN/LSN NAT444 RFC1918 LSN
  • 7. NAT options: IPv6 + IPv4 CPE B4 CPE DS-Lite RFC1918 AFTR IPv4 Internet IPv4 Internet IPv4 Internet IPv6 IPv6 IPv6 A+P RFC1918 AFTR NAT 64 NAT64
  • 8. NAT is bad ... Is it really? Facts: Any NAT is worse than end-to-end Internet Dual NAT is worse than NAT (scrap NAT444) NAT with ALG is really bad (scrap NAT-PT, see RFC 4966) NAT is OK for outbound client-server sessions NAT + STUN/TURN works for peer-to-peer sessions We need some NAT to survive past IPv4 address exhaustion Personal opinion: NAT64 or DS-Lite/A+P are reasonable options
  • 9. NAT-PT (RFC 2766) = NAT64 + NAT46 + DNS ALG Academic “we will bring world peace” approach DS-Lite = NAT44 over IPv6 Well-known solution (and problems) Large-scale NAT64 = limited scope IPv6 client to IPv4 server NAT46 is useless What went wrong with NAT-PT Who caresabout IPv4?
  • 10. IPv4 IPv6 NAT64 topology DNS64 IPv6 + IPv4 NAT64 An IPv6 prefix (well-known or network-specific) is dedicated to mapped IPv4 addresses DNS64 converts A records into AAAA records using NAT64 prefix, serves A and AAAA records to the client NAT64 router advertises NAT64 prefix into IPv6 network to attract traffic toward IPv4 servers
  • 11. DNS64 in action Q: AAAA for example.com Q: AAAA for example.com R: name error Q: A for example.com R: example.com (A) = 192.0.2.33 DNS64 translation for WKP R: example.com (AAAA)= 64:FF9B::192.0.2.33example.com (A) = 192.0.2.33
  • 12. DNS64 in action (end-to-end IPv6) Q: AAAA for example.com Q: AAAA for example.com R: example.com (AAAA)= 64:FF9B::192.0.2.33 R: example.com (AAAA)= 64:FF9B::192.0.2.33 Native IPv6 communication w/o NAT64
  • 13. NAT64 in action TCP SYN S=C-v6 D=WKP-v6 Translate WKP-v6 into IPv4Pick free IPv4 addr/port from poolBuild NAT session entry TCP SYN S=NP-v4 D=S-v4 TCP ACK S=S-v4 D=NP-v4 Translate NP-v4 + port into C-v6 TCP ACK S=WKP-v6 D=C-v6
  • 14. NAT64: dirty details NAT64 prefix Any /32, /40, /48, /56, /64 or /96 prefix WKP = 64:FF9B::/96 Recommendation: use /64 for NSP Stateful NAT64 Very similar to PAT (stateful NAT44) Individual TCP and UDP sessions + ICMP replies are translated Source IPv6 address + port number used in lookup Stateless NAT64 Each IPv6 address is translated into one IPv4 address Only ICMP packets and IP headers are translated Limited use: IPv6 only servers
  • 15. NAT64 versus DS-Lite NAT64 IPv6 to IPv4 NAT Native transport DNS 64 = DNS ALG No CPE or network modifications IPv6-only hosts NAT64 largely unknown DS-Lite IPv4 to IPv4 NAT 4over6 Tunnel No DNS(SEC) interaction Requires CPE support Does not need host IPv6(not even dual-stack) NAT44 well tested
  • 16. NAT64 in enterprise networks NSP = 2002:FF9B::/96 IPv6 IPv6 + IPv4 www.example.com A 192.0.2.33 AAAA 2002:FF9B::192.0.2.33 Use NAT64 to make IPv4-only servers available to IPv6 clients Static entries in DNZ zone; DNS64 is not needed
  • 17. Implementations Open-source:Ecdysis Microsoft: Forefront UAG DirectAccess Cisco:CGv6 Ericsson: field trials NAT64 is also (sort-of) part of NAT-PT
  • 18. Conclusions We are not prepared for IPv4 address exhaustion We will not survive without NAT Best options: NAT64 or DS-Lite/A+P Push NAT64 – it promotes IPv6 clients NAT64 is not NAT-PT 6-to-4 only DNS ALG not in the forwarding path NAT64 also solves legacy server problems