> On 27 Sep 2018, at 4:22 am, Matt Hoppes <[email protected]>
> wrote:
>
> Thanks... that is what I don't understand: Why is NAT64 such a difficult
> concept to put into routers and firewalls? We already do NAT with IPv4 just
> fine.
It’s not a difficult concept but you need to remember NAT44 breaks stuff and
NAT64/NAT46 breaks more stuff.
> I feel like IPv6 adoption would be much faster if there was a transition
> mechanism other than dual stacking.
Dual stacking is SIMPLE. REALLY. Turn on IPv6 with the M bit set and
configure the DHCPv6 server. If you don’t need that level of control of
address assignments leave the M bit off. 99.99% of your machines will just add
a second address to the interface without you having to do anything more.
> Think: Corporate offices. Rather than renumbering everything inside, they
> just turn on NAT64 and now they can begin a slow and controlled transition.
Getting to IPv6 resources from an IPv4 address is a *much* harder problem than
getting to IPv4 resources from IPv6 which is what you are describing here with
the “no renumber everything as they already have an IPv4 address” requirement.
NAT64 allows IPv6 devices to get to legacy IPv4 servers. To allow IPv4 devices
to get to IPv6 servers you need to map the IPv6 addresses you want to talk to
into a pool of IPv4 addresses and push that mapping to a NAT46 (not NAT64)
device.
Go dual stack then, once IPv6 is stable, turn off IPv4 if you want to be single
stacked. You are then no longer dependent on the services you want to
access continuing to be offered over IPv4. 464XLAT will only work as a stop
gap for IPv4 clients while services are offered over IPv4. After ~20 years of
IPv6 being available (Windows XP had IPv6 support and it was not the first
major OS to have it) just turn on IPv6.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
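
The asymmetry between NAT64 and NAT46 described in the message above, as an added sketch that is not part of the original post. It assumes the RFC 6052 well-known prefix 64:ff9b::/96 for NAT64; the Nat46Pool class, the pool range and all sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 6052 well-known NAT64 prefix; a deployment may use its own /96 instead.
NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def nat64_synthesize(v4):
    """IPv6 -> IPv4 direction: every IPv4 address fits in the low 32 bits."""
    return ipaddress.IPv6Address(
        int(NAT64_PREFIX.network_address) | int(ipaddress.IPv4Address(v4)))


def nat64_extract(v6):
    """Recover the IPv4 destination from a synthesized address, no table needed."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in NAT64_PREFIX:
        raise ValueError(f"{addr} is not inside {NAT64_PREFIX}")
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


class Nat46Pool:
    """IPv4 -> IPv6 direction (hypothetical helper): 128 bits cannot be embedded
    in 32, so each IPv6 server needs an explicit entry from a finite IPv4 pool."""

    def __init__(self, pool_cidr):
        self._free = list(ipaddress.IPv4Network(pool_cidr).hosts())
        self.v4_to_v6 = {}
        self.v6_to_v4 = {}

    def map_server(self, v6):
        v6 = ipaddress.IPv6Address(v6)
        if v6 in self.v6_to_v4:          # already mapped: reuse the entry
            return self.v6_to_v4[v6]
        if not self._free:
            raise RuntimeError("NAT46 pool exhausted")
        v4 = self._free.pop(0)
        self.v4_to_v6[v4] = v6
        self.v6_to_v4[v6] = v4
        return v4

    def translate(self, v4_dst):
        # Unmapped destinations are simply unreachable for IPv4-only clients.
        return self.v4_to_v6.get(ipaddress.IPv4Address(v4_dst))


if __name__ == "__main__":
    print(nat64_synthesize("192.0.2.10"))            # constructed sample address
    pool = Nat46Pool("198.51.100.0/30")              # constructed pool: 2 hosts
    print(pool.map_server("2001:db8::1"), pool.translate("198.51.100.1"))
```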