nanog mailing list archives

Quick comparison of LSNs and NAT64


From: Aleksi Suhonen <nanog-poster () axu tm>
Date: Thu, 09 Jun 2011 08:01:30 +0300

Hello,

Some people were talking about Large Scale NATs (LSN) or Carrier Grade NATs (CGN) yesterday. Comments included that DS-Lite and NAT64 are basically LSNs and they suffer from all the same problems. I don't think that NAT64 is as bad as other LSNs and here's why:

NAT64 scales much better than NAT44 and NAT444(*)

The trick is with its companion DNS64. If you need more NAT64 capacity, you can just add more NAT64 boxes with unique /96 prefixes around your network and have your DNS64 load-balance traffic to those boxes. You can also map one A record into two AAAA records of different NAT64 boxes, in case that works better with some application protocols.

The smallest granularity of load-balancing easily available with NAT444 is per customer or per customer group. DNS64 allows per flow granularity for load-balancing without even breaking a sweat.

I've been testing NAT64 at home using a public NAT64 trial and generally I've been very happy with it:

http://www.trex.fi/2011/dns64.html

A neat feature I've liked is that I don't have to pass all my traffic via the NAT64 box, and so it doesn't have to be between me and the Internet. NAT44 usually acts as a fuse between me and my Internet.

The biggest downsides I've encountered are:

I. Some streaming websites use IP addresses in their video stream URLs, so DNS64 doesn't get asked and that traffic won't flow via NAT64. Thankfully these are a minority.

II. Networked games usually use some sort of a tracker to help clients find games to connect to, and those only use plain IP addresses too. And some games only query for A records, and thus can't benefit from DNS64 either.


So I guess the optimal way to stretch the lifetime of IPv4 while still moving toward IPv6 all the time would be to dual-stack customers and deploy both NAT64/DNS64 and some other LSN which can handle the two downsides above. All the traffic that you can shift to NAT64 means that your other LSN (which doesn't scale as well) can handle that much more traffic before becoming a bottleneck. And naturally, you'll want to shift all that youtube/facebook/whatever traffic to native IPv6 to help both NAT boxes cope.

My 2 cents delivered,

--
        Aleksi Suhonen

        () ascii ribbon campaign
        /\ support plain text e-mail

(*) NAT44 means the normal NAT from private IPv4 addresses to public IPv4 addresses. NAT444 means that there are two layers of NAT boxes: usually one at customer premises and the other at the ISP, doing LSN.
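As an added illustration (not part of the original post, nor of the trex.fi trial's software), here is a small Python model of the DNS64 side of the scheme described above: RFC 6052 address synthesis for a /96 NAT64 prefix, per-query spreading of names across several NAT64 boxes by hashing (client, name), the "one A record into two AAAA records of different boxes" variant, and a classifier showing why the IPv4-literal cases in downsides I and II never reach NAT64 at all. The prefixes, names and addresses are constructed from documentation ranges, and the hash-based box selection is one possible load-balancing policy, not how any particular DNS64 implementation does it.

```python
import hashlib
import ipaddress
from typing import List, Optional

# Constructed example: three NAT64 boxes, each announcing its own /96 prefix.
# These prefixes are hypothetical (2001:db8::/32 documentation range),
# not the prefixes of any real deployment.
NAT64_PREFIXES: List[ipaddress.IPv6Network] = [
    ipaddress.IPv6Network("2001:db8:64:1::/96"),
    ipaddress.IPv6Network("2001:db8:64:2::/96"),
    ipaddress.IPv6Network("2001:db8:64:3::/96"),
]


def synthesize_aaaa(prefix: ipaddress.IPv6Network, v4: str) -> ipaddress.IPv6Address:
    """RFC 6052 IPv4-embedded address for a /96 prefix: the 32-bit IPv4
    address occupies the low 32 bits, so the /96 alone identifies the box."""
    if prefix.prefixlen != 96:
        raise ValueError("this example only handles /96 NAT64 prefixes")
    return ipaddress.IPv6Address(int(prefix.network_address) | int(ipaddress.IPv4Address(v4)))


def box_for(addr: str, prefixes: List[ipaddress.IPv6Network]) -> Optional[int]:
    """Index of the NAT64 box whose prefix covers addr, or None if no box does."""
    a = ipaddress.ip_address(addr)
    if a.version != 6:
        return None
    for i, p in enumerate(prefixes):
        if a in p:
            return i
    return None


def extract_ipv4(addr: str, prefixes: List[ipaddress.IPv6Network]) -> Optional[str]:
    """What a NAT64 box does on the forward path: recover the IPv4 destination
    from the low 32 bits. None if the address is not a synthesized one."""
    if box_for(addr, prefixes) is None:
        return None
    return str(ipaddress.IPv4Address(int(ipaddress.IPv6Address(addr)) & 0xFFFFFFFF))


def dns64_answer(qname: str, a_records: List[str], client: str,
                 prefixes: List[ipaddress.IPv6Network],
                 spread: int = 1) -> List[ipaddress.IPv6Address]:
    """Synthesize AAAA records for a name that only has A records.

    Box choice is a hash of (client, qname): the same client keeps getting the
    same box for the same name (existing flows stay on one box), while other
    names and clients land on other boxes, giving per-flow rather than
    per-customer granularity. spread > 1 returns one AAAA per consecutive box
    for each A record, i.e. one A record mapped to several NAT64 boxes.
    """
    digest = hashlib.sha256(f"{client}|{qname.lower()}".encode()).digest()
    start = int.from_bytes(digest[:4], "big")
    answers: List[ipaddress.IPv6Address] = []
    for v4 in a_records:
        for k in range(spread):
            answers.append(synthesize_aaaa(prefixes[(start + k) % len(prefixes)], v4))
    return answers


def classify_destination(dest: str, prefixes: List[ipaddress.IPv6Network]) -> str:
    """Where a flow from an IPv6-only NAT64/DNS64 client ends up:
    'nat64'     - DNS64 synthesized it, one box's /96 covers it
    'native-v6' - any other IPv6 address, no NAT involved
    'literal-v4'- the application used an IPv4 literal (stream URLs,
                  game trackers, A-only lookups): DNS64 never saw this
                  flow, so it needs the other LSN or a dual-stack path."""
    a = ipaddress.ip_address(dest)
    if a.version == 4:
        return "literal-v4"
    return "nat64" if box_for(dest, prefixes) is not None else "native-v6"


if __name__ == "__main__":
    # Constructed query: a client asks for a name that only has A records.
    for aaaa in dns64_answer("www.example.com", ["192.0.2.10"], "2001:db8:c::1",
                             NAT64_PREFIXES, spread=2):
        print(aaaa, "-> box", box_for(str(aaaa), NAT64_PREFIXES),
              "-> v4", extract_ipv4(str(aaaa), NAT64_PREFIXES))
    for dest in ("192.0.2.10", "2001:db8:64:1::c000:20a", "2001:db8:ffff::1"):
        print(dest, classify_destination(dest, NAT64_PREFIXES))
```

The example keeps to the /96 case the post describes; RFC 6052 also defines the well-known prefix 64:ff9b::/96 and shorter prefix lengths with the IPv4 bits placed differently, which a real DNS64 resolver has to handle. The `classify_destination` split is the operational point of the closing paragraph: only the `nat64` share can be moved between boxes by DNS64, the `literal-v4` share is what the second LSN has to absorb, and the `native-v6` share costs neither.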
