Look at MAP-T (RFC 7599) and MAP-E (RFC 7597) if you wish to reduce the amount of logging you need to do.
They don’t require DNS64 so they don’t break DNSSEC. MAP-T can be used with NAT64 if you have already deployed DNS64/NAT64.

Mark

> On 16 Apr 2018, at 3:21 pm, Philip Loenneker <philip.loenn...@tasmanet.com.au> wrote:
>
> Hi all,
>
> Due to ever-decreasing IPv4, I’ve been investigating the possibility of providing IPv6-only Internet connections for customers. There are 2 key issues:
> • Client devices that are IPv4-only
> • Internet resources that are IPv4-only
>
> For the client-side issue, I’m following up with our CPE vendor to see if 464XLAT or similar is available. I’ll be labbing it up in the near future, but am hoping they can save me some time. Failing that, we may need to resort to CGNAT, but I’m hoping to avoid it.
>
> For the Internet-side issue, I’m looking into options such as NAT64 (DNS64 is available on our resolvers, just not enabled). Some common options I’ve found include:
>
> Jool.mx - seems like a well-used option, last updated in January this year. Doesn’t appear to have good logging for NAT translations, might be possible with full debug logs but that is noisy.
>
> Tayga - looks like it hasn’t had an update since 2011, and may not support current Linux kernel versions. Couldn’t find information on what logging is available.
>
> Palo Alto PAN-OS - appears to have NAT64 functionality since 2013 and have regular updates. Lots of logging available. Commercial product (not that that is a show stopper).
>
> Wrapsix – claims to be one of the fastest implementations, last update around 5 months ago. Only supports a single IPv4 address – I suspect that won’t handle the load for us.
>
> Ecdysis – looks like it hasn’t had an update since 2014, however claims to be included in OpenBSD 5.1+ core release.
>
> Various hardware, including Juniper, Cisco. I was disappointed to not find anything on Cumulus or Open Network Linux.
>
> Most of the information related to implementing this kind of thing is international, which means they don’t care about Australia-specific things like Data Retention.
>
> I’m wondering if anyone out there has any tips on NAT64 or similar products that do or do not allow you to collect the necessary information for Data Retention. I appreciate any thoughts, on or off list.
>
> Regards,
> Philip Loenneker | Network Engineer | TasmaNet
> 40-50 Innovation Drive, Dowsing Point, Tas 7010, Australia
> P: 1300 792 711
> philip.loenne...@tasmanet.com.au
> www.tasmanet.com.au
>
> _______________________________________________
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org
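
The following is an added example, not part of the original thread. It shows why MAP (RFC 7597) cuts translation logging: the owner of a public IPv4 address and port is computed from the mapping rule instead of being searched for in per-session NAT logs. The rule values, the `MapRule` field names and the `subscriber_prefix` helper are assumptions made for this illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class MapRule:
    """One MAP Basic Mapping Rule (field names are this example's own)."""
    v6_prefix: ipaddress.IPv6Network  # Rule IPv6 prefix
    v4_prefix: ipaddress.IPv4Network  # Rule IPv4 prefix
    ea_bits: int                      # EA-bits length
    psid_offset: int = 6              # "a" bits; 6 keeps ports 0-1023 unassigned

def subscriber_prefix(rule, ipv4, port):
    """Return the end-user IPv6 prefix that owns (ipv4, port), or None.

    Covers shared-address and full-address rules; rules that delegate a
    whole IPv4 prefix per subscriber are rejected.
    """
    addr = ipaddress.IPv4Address(ipv4)
    if addr not in rule.v4_prefix or not 0 <= port <= 0xFFFF:
        return None
    suffix_bits = 32 - rule.v4_prefix.prefixlen      # IPv4 suffix carried in EA bits
    psid_bits = rule.ea_bits - suffix_bits           # k
    low_bits = 16 - rule.psid_offset - psid_bits     # m: contiguous ports per range
    if psid_bits < 0 or low_bits < 0:
        raise ValueError("rule not covered by this example")
    # With port sharing, ports whose top "a" bits are all zero belong to nobody.
    if psid_bits and rule.psid_offset and port >> (16 - rule.psid_offset) == 0:
        return None
    psid = (port >> low_bits) & ((1 << psid_bits) - 1)
    suffix = int(addr) & ((1 << suffix_bits) - 1)
    ea = (suffix << psid_bits) | psid                # EA bits = IPv4 suffix || PSID
    plen = rule.v6_prefix.prefixlen + rule.ea_bits
    base = int(rule.v6_prefix.network_address) | (ea << (128 - plen))
    return ipaddress.IPv6Network((base, plen))

# Constructed sample rule using documentation prefixes.
RULE = MapRule(ipaddress.IPv6Network("2001:db8::/40"),
               ipaddress.IPv4Network("192.0.2.0/24"), ea_bits=16)

if __name__ == "__main__":
    # Constructed lookups: (public IPv4 address, source port) from a request.
    for ip, port in [("192.0.2.18", 1232), ("192.0.2.18", 64723),
                     ("192.0.2.18", 1236), ("192.0.2.18", 80)]:
        print(ip, port, "->", subscriber_prefix(RULE, ip, port))
```

With a lookup like this, what has to be retained is the provisioning record of which customer held which delegated IPv6 prefix and when, not a log entry per translated flow.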