Fabian, I'm wondering if you are not intentionally making things difficult for yourself by introducing NAT64?
I think that you are at a University? - so maybe you do want complicated - or a separate IPv6 network - in which case ignore the rest of this e-mail. However: From a Customers prospective, they usually do not care whether they are on IPv4 or IPV6 (or both) - as long as the Internet "works". IPv4 is going to be around for a while - so don't even think about switching that off yet - unless its for some experiment. You should not need IPv6 only either - we have quite a few IPv4 addresses left in AFRINIC (and there is always (Uhg) NAT). So, when I introduced IPv6 at my ISP, I took the idea that everything that exists with an IPv4 address should also have an equivalent IPv6 address. I started with my Cisco Routers - and my core. Interconnection and Peering lines were "dual stacked" - rather the Routers were. There is also nothing wrong with tunnels - if your upstream can not do IPv6 yet. Hurricane Electric will accept a tunnel end point and allow BGP so you can use your own network addresses. I then enabled IPv6 on core systems such as Mail, Web and DNS servers - making sure that all services could run on both protocols. All support machines were also dual-stacked. This way - we could see that everything pretty much worked as usual. Systems were also modified to allow for longer IPv6 addresses in the DNS, Apache configs, Logs - etc DNS was configured to listen on IPv6 (which we initially forgot). All management systems were extended to include IPv6 addresses. Lastly - IPv6 was pushed out to a few customers. My idea was to make sure everything was available on both address schemes. In addition, I also had an IPv6 only machine - so I could test for connectivity, being pretty sure that IPv4 only machines could see everything necessary. I still have some manageable switches that do IPv4 only :-( I've been purchasing IPv6 capable printers for a few years now and most access points (wifi access) have been reloaded with firmware that does IPv6 as well. There are some odd and/or old machines that may never do IPv6. They'll eventually die and be replaced. I know in the early days of IPv6, some people designed a separate IPv6 network but I believe most simply dual-stack now. For addresses, if a machine has a static address (Nameserver, Web/Mail server, Router - etc) - I try and keep addresses simple and guessable. I have 160.124.0.0/16 and 2001:42a0::/32 My main server is on 160.124.48.1/24 - so I made the IPv6 2001:42a0:1000:48::1/64 The odd '1000' gives the geographical region that the "48" network exists in, otherwise it pretty much a 1:1 match. This works for me just fine - but then I was fortunate enough to start out with a big chunk of IPv4 address space. Try and not make things more complicated than necessary. On 13/05/2016 10:01, John Hay wrote: > Hi Fabian, > > Our approach was to deploy dual stack, so every router, server and host > have an IPv6 and an IPv4 address. So if something wants to communicate > with another device that have an IPv6 address, it will use its IPv6 > address as the source. If it wants to communicate with a device that > have an IPv4 address, it will use its IPv4 address as the source. If it > wants to communicate with a device that have both IPv6 and IPv4 > addresses, it depends on the OS what is preferred. > > That way we do not need NAT64. We will phase out IPv4 when it is not > needed anymore for internet or local communication. > > Regards > > John > > > On 13 May 2016 at 09:35, Fabian Jr <[email protected] > <mailto:[email protected]>> wrote: > > thanks Noah > > > > /Arbogast Fabian,/ > /cell:+255-78-447-8387 <tel:%2B255-78-447-8387>/ > > > ------------------------------------------------------------------------ > Date: Fri, 13 May 2016 10:00:37 +0300 > From: [email protected] <mailto:[email protected]> > To: [email protected] <mailto:[email protected]> > Subject: Re: [AfrIPv6-Discuss] NAT64 for Dual Stacking! > > Hi Fabian, > > The Cisco ASR boxes support what you seek to implement. You can > check out the ASR1K if you have the budget. > > The Juniper MX series do support what you seek to implement. > > You may find this article fundamentally interesting... > > > https://supportforums.cisco.com/document/112121/ipv6-stateful-nat64-configuration-example > > Cheers, > > Noah > > On Fri, May 13, 2016 at 7:44 AM, Fabian Jr <[email protected] > <mailto:[email protected]>> wrote: > > Folks… > > We are looking into way we can gradually deploy IPv6 in our network… > > Already we have it running and we have one Test Machine……. The > challenge we are facing is that from that machine with IPv6 and > from other Machines with IPv4 we can’t communicate in either > direction.. > > IPv6 Machine just communicate with IPv6 only machines like wise > IPv4 Machines just communicate with IPv4 machines …. > > A work around is to do NAT64 between the two subnets…. > > It seems the hardware (Cisco 2921 router with IOS Version 15.0) > can’t do NAT64…….. > > From the internet it seems NAT64 runs on IOS-XE and IOS-CGSE > which are Hardware dependent……..seems that we can’t upgrade IOS > Version 15.0 to any the two which supports NAT64. > > Before committing any expenses to acquire new router we want to > reach out to the community for comments and advises…. > > Pls. review and advise. > > Thank you… > > > > /Arbogast Fabian,/ > /cell:+255-78-447-8387/ > > _______________________________________________ > AfrIPv6-Discuss mailing list > [email protected] <mailto:[email protected]> > https://lists.afrinic.net/mailman/listinfo/afripv6-discuss > > > > > -- > *./noah* > > _______________________________________________ AfrIPv6-Discuss > mailing list [email protected] > <mailto:[email protected]> > https://lists.afrinic.net/mailman/listinfo/afripv6-discuss > > _______________________________________________ > AfrIPv6-Discuss mailing list > [email protected] <mailto:[email protected]> > https://lists.afrinic.net/mailman/listinfo/afripv6-discuss > > > > > _______________________________________________ > AfrIPv6-Discuss mailing list > [email protected] > https://lists.afrinic.net/mailman/listinfo/afripv6-discuss > -- Mark James ELKINS - Posix Systems - (South) Africa [email protected] Tel: +27.128070590 Cell: +27.826010496 For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ AfrIPv6-Discuss mailing list [email protected] https://lists.afrinic.net/mailman/listinfo/afripv6-discuss
