Look at MAP-T (RFC 7599) and MAP-E (RFC 7597) if you wish to reduce the amount 
of logging your need to do.

They don’t require DNS64 so they don’t break DNSSEC.

MAP-T can be used with NAT64 if you have already deployed DNS64/NAT64.


> On 16 Apr 2018, at 3:21 pm, Philip Loenneker 
> <philip.loenn...@tasmanet.com.au> wrote:
> Hi all,
> Due to ever-decreasing IPv4, I’ve been investigating the possibility of 
> providing IPv6-only Internet connections for customers. There are 2 key 
> issues:
>       • Client devices that are IPv4-only
>       • Internet resources that are IPv4-only
> For the client-side issue, I’m following up with our CPE vendor to see if 
> 464XLAT or similar is available. I’ll be labbing it up in the near future, 
> but am hoping they can save me some time. Failing that, we may need to resort 
> to CGNAT, but I’m hoping to avoid it.
> For the Internet-side issue, I’m looking into options such as NAT64 (DNS64 is 
> available on our resolvers, just not enabled). Some common options I’ve found 
> include:
> Jool.mx - seems like a well-used option, last updated in January this year. 
> Doesn’t appear to have good logging for NAT translations, might be possible 
> with full debug logs but that is noisy.
> Tayga - looks like it hasn’t had an update since 2011, and may not support 
> current Linux kernel versions. Couldn’t find information on what logging is 
> available.
> Palo Alto PAN-OS - appears to have NAT64 functionality since 2013 and have 
> regular updates. Lots of logging available. Commercial product (not that that 
> is a show stopper).
> Wrapsix – claims to be one of the fastest implementations, last update around 
> 5 months ago. Only supports a single IPv4 address – I suspect that won’t 
> handle the load for us.
> Ecdysis – looks like it hasn’t had an update since 2014, however claims to be 
> included in OpenBSD 5.1+ core release.
> Various hardware, including Juniper, Cisco. I was disappointed to not find 
> anything on Cumulus or Open Network Linux.
> Most of the information related to implementing this kind of thing is 
> international, which means they don’t care about Australia-specific things 
> like Data Retention.
> I’m wondering if anyone out there has any tips on NAT64 or similar products 
> that do or do not allow you to collect the necessary information for Data 
> Retention. I appreciate any thoughts, on or off list.
> Regards,
> Philip Loenneker | Network Engineer | TasmaNet
> 40-50 Innovation Drive, Dowsing Point, Tas 7010, Australia
> P: 1300 792 711
> philip.loenne...@tasmanet.com.au
> www.tasmanet.com.au
> _______________________________________________
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: ma...@isc.org

AusNOG mailing list

Reply via email to