nanog mailing list archives

Re: quietly....

From: Mark Andrews <marka () isc org>
Date: Sat, 05 Feb 2011 09:44:00 +1100


In message <FE7943DF-6A3A-478F-AF40-DE4D3592FB1D () puck nether net>, Jared Mauch 
writes:


On Feb 4, 2011, at 4:32 PM, Mark Andrews wrote:

=20
In message <201102041140.42719.lowen () pari edu>, Lamar Owen writes:

On Friday, February 04, 2011 09:05:09 am Derek J. Balling wrote:

I think they'll eventually notice a difference. How will an =

IPv4-only inter

nal host know what to do with an IPv6 AAAA record it gets from a DNS =

lookup?

=20
If the CPE is doing DNS proxy (most do) then it can map the AAAA =

record to an

A record it passes to the internal client, with an internal address =

for the=20

record chosen from RFC1918 space, and perform IPv4-IPv6 1:1 NAT from =

the assi

gned RFC1918 address to the external IPv6 address from the AAAA =

record (since

you have at least a /64 at your CPE, you can even use the RFC1918 =

address in

the lower 32 bits.... :-P). =20
=20
This may already be a standard, or a draft, or implemented somewhere; =

I don't

know.  But that is how I would do it, just thinking off the top of my =

head.

=20

=20
DS-lite delivers a IPv4 softwire over a IPv6 upstream.  It also
introduces less problems than NAT64 as it works with DNSSEC and
with IPv4 literal.  Along with DS-lite there is a UPNP replacement
designed to work with distributed NATs (DS-Lite (AFTR+B4) and NAT444
(LSN + CPE NAT)) so that holes can be punched threw multiple devices
if needed.


I've yet to see a version of ALG that isn't buggy (eg: Cisco SIP-ALG, =
2Wire/ATT uverse sip-alg is seriously broken, same for either dlink or =
netgear... we have to turn it off otherwise it does bad things).


And you reported the bugs.

I'm sure that LSN activity is going to work "great" for the carriers.


Yes it is a worry which is why we want people to move to IPv6 and
not use NAT.  Less things to go wrong.  A firewall only has to react
to the traffic not re-write it.  One lesa thing to go wrong.

- jared=

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org

Current thread:

Re: quietly...., (continued)
- - - Re: quietly.... Mark Andrews (Feb 03)
    - Re: quietly.... Roland Perry (Feb 03)
    - Re: quietly.... Mark Andrews (Feb 03)
    - Re: quietly.... Roland Perry (Feb 04)
    - Re: quietly.... Derek J. Balling (Feb 04)
    - Re: quietly.... Roland Perry (Feb 04)
    - Re: quietly.... Lamar Owen (Feb 04)
    - Re: quietly.... Derek J. Balling (Feb 04)
    - Re: quietly.... Mark Andrews (Feb 04)
    - Re: quietly.... Jared Mauch (Feb 04)
    - Re: quietly.... Mark Andrews (Feb 04)
    - Re: quietly.... Mark Andrews (Feb 04)
    - Re: quietly.... Mark Andrews (Feb 02)
    - Re: quietly.... Jack Bates (Feb 01)
    - Re: quietly.... Karl Auer (Feb 01)
    - Re: quietly.... Owen DeLong (Feb 01)
    - Re: quietly.... Chris Adams (Feb 01)
    - Re: quietly.... Owen DeLong (Feb 01)
    - Re: quietly.... Dave Israel (Feb 01)
    - Re: quietly.... Jack Bates (Feb 01)
    - Re: quietly.... Owen DeLong (Feb 02)

(Thread continues...)