nanog mailing list archives
RE: NAT64 and matching identities
From: "Justin M. Streiner" <streiner () cluebyfour org>
Date: Tue, 19 Nov 2013 18:23:21 -0500 (EST)
On Tue, 19 Nov 2013, Ian Smith wrote:
It depends on what direction your are translating to:IPv6-only host to IPv4 Internet: This isn't a problem if you are dual-stack at the host, but if you really do have ip6 only hosts, you aren't looking at any requirement that is different than LSN44 or providing a IPv6 tunnel broker service (like he.net). Since NAT64 is necessarily predicated by a DNS64 operation and you know who you gave an IP address to because they logged in (in some fashion) so you could bill them, you can log {subID,src_ip6,xlat_ip4:port,dst_ip4:port,fqdn} using syslog or ipfix (in as little as one message, depending on the AAA and IPAM architecture) and invest in log servers. Port block allocation and deterministic schemes are possible here as well, but really, the only way to know you aren't going to be surprised by a lost or inaccurate data set under subpoena is to just log everything and write it off as a statutory expense.
Much of our initial deployment will be dual-stack, however I also want to plan for situations where we won't have enough v4 addresses to dual-stack (or we reach a point where we need to hold some of our routable v4 space in reserve for transition mechanisms), plus dual-stack on its own provides no incentive for users to migrate completely to v6.
That said, I need to plan for the eventuality of v6-only hosts being able to reach the v4 Internet. While many of the Alexa global 500 sites have some sort of v6 capability today and the percentage of global Internet traffic that is v6 is increasing every day, the need for reachability to what remains of the v4 Internet will not go away any time soon.
jms
Current thread:
- NAT64 and matching identities Justin M. Streiner (Nov 18)
- Re: NAT64 and matching identities Tom Taylor (Nov 18)
- Re: NAT64 and matching identities Paul WALL (Nov 18)
- Re: NAT64 and matching identities Lee Howard (Nov 19)
- Re: NAT64 and matching identities Andrew Sullivan (Nov 19)
- Re: NAT64 and matching identities Fred Baker (fred) (Nov 19)
- RE: NAT64 and matching identities Don Bowman (Nov 19)
- RE: NAT64 and matching identities Ian Smith (Nov 19)
- RE: NAT64 and matching identities Justin M. Streiner (Nov 19)
- Re: NAT64 and matching identities Lee Howard (Nov 20)
- Re: NAT64 and matching identities Gary E. Miller (Nov 20)
- Re: NAT64 and matching identities Lee Howard (Nov 20)
- RE: NAT64 and matching identities Tony Hain (Nov 22)
- Re: NAT64 and matching identities Owen DeLong (Nov 22)
- Re: NAT64 and matching identities Valdis . Kletnieks (Nov 22)
- Re: NAT64 and matching identities joel jaeggli (Nov 22)
- Re: NAT64 and matching identities Owen DeLong (Nov 22)
- RE: NAT64 and matching identities Tony Hain (Nov 22)
- Re: NAT64 and matching identities Owen DeLong (Nov 22)
- Re: NAT64 and matching identities Tom Taylor (Nov 18)