On 14 January 2012 10:28, Rob Evans <[email protected]> wrote:
>> Then, have the ISP do some magic* to make IPv4 visible.
>> * I'll leave it as an exercise to those more sober and less tired to
>> solve that problem. But I guess it'd mean some clever DNS
>> capture/re-map for all locations which don't have AAAA addresses,
>> remap them to a local 6 to 4 "proxy".
>
>
> I think you mean DNS64 and NAT64.
>
> http://tools.ietf.org/html/rfc6146
> http://en.wikipedia.org/wiki/NAT64

I've been thinking about this for a while, and mangling DNS seems like
a real dirty way of doing this.

As is painfully apparent, most of the world is v4 only at the moment -
and the various DNS ALGs etc for getting v4 connectivity onto v6 only
connections seem "hackish" at best, and have real problems when it
comes to things such as 1500-byte v4 packets needing fragmenting to
travel over v6 nets.

While playing with my local ssh daemon, I was reminded that inside my
ssh client is a SOCKS5 server - I can connect to it by just setting my
global SOCKS setting to use the localhost and all the traffic is
forwarded down the tunnel to the remote host for processing.

I was wondering whether anyone had any experience in setting a SOCKS
proxy on a v6-only host, where the DNS/SOCKS proxies have both v4 and
v6 addressing, and whether they can then access v4 services like web
sites, mail servers, gaming applications etc. The basic idea is that
you would use the v6 internet where possible, and go through your ISP's
v4 SOCKS gateway for anything that didn't return a AAAA record. Is
that idea right, and if so, is it sustainable?

Assuming for the moment that I've made a correct assumption, is there
a way we can make the process easier? Back in v4 world, there's DHCP
option 252 which allows you to configure a WPAD file that would be
downloaded and parsed by your web browser, setting HTTP proxies etc
for certain classes of service - non-local traffic etc. Is it feasible
to add an option to DHCPv6 so that a "v4 compatibility" string could
be set, whereby a fall-back SOCKS server is used for non-v6
connections?

Thinking off the top of my head, it would work as follows for the
"no-clue" home user:

User's router talks to ISP via DHCPv6:
    gets response detailing address to use
    also gets prefix delegation for local LAN usage
    also gets v4 compatibility string, which it stores for relaying to clients

User's router listens for DHCPv6 requests, issues clients on local LAN
public v6 addresses:
    sets option for v4-compatibility for clients

User's computer turns on, asks for addressing information:
    gets v6 address via DHCPv6
    gets v4-compatibility string and sets global SOCKS proxy variable,
      if not manually configured
    gets other string - DNS servers, routes etc.

I stress that this idea is for v6/v4 co-existence, and isn't designed
for "islands of v4" or "islands of v6", it would of course assume that
v4 availability is restricted and a real effort to move to v6 was
made. It's a transition mechanism that should be easy to turn off once
most of the services have been migrated (hopefully transparently to
the end customer).

If there is a major flaw in my idea, I'd greatly appreciate
constructive criticism and feedback!

Matthew Walster
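
Added example, not part of the original message: a sketch of the client-side decision the message proposes, going direct over v6 when a AAAA record exists and otherwise handing the host name to a SOCKS5 gateway in an RFC 1928 CONNECT request. The DNS table, the `GATEWAY` value and the function names are constructed for illustration; the message does not define a format for the "v4 compatibility" string.

```python
import ipaddress
import struct

# Constructed sample DNS data (documentation ranges); a real client asks its resolver.
SAMPLE_DNS = {
    "dual.example": {"AAAA": ["2001:db8::10"], "A": ["192.0.2.10"]},
    "legacy.example": {"AAAA": [], "A": ["192.0.2.20"]},
}
# Hypothetical value a client might derive from the proposed "v4 compatibility" string.
GATEWAY = ("2001:db8::1080", 1080)
SOCKS5_GREETING = b"\x05\x01\x00"  # RFC 1928: version 5, one method offered, no authentication


def socks5_connect_request(host, port):
    """RFC 1928 CONNECT with ATYP 0x03 (domain name): the dual-stack proxy resolves the A record."""
    name = host.encode("idna")
    if not 1 <= len(name) <= 255:
        raise ValueError("host name must be 1..255 bytes for SOCKS5")
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)


def plan_connection(host, port, gateway=GATEWAY, dns=SAMPLE_DNS):
    """Prefer native v6; fall back to the SOCKS gateway only when no AAAA record exists."""
    aaaa = dns.get(host, {}).get("AAAA", [])
    if aaaa:
        return {"path": "direct-v6", "connect_to": (aaaa[0], port), "request": b""}
    if gateway is None:
        raise ConnectionError(f"{host} has no AAAA record and no SOCKS gateway is configured")
    # A v6-only host can reach the gateway only if the gateway itself has a v6 address.
    if ipaddress.ip_address(gateway[0]).version != 6:
        raise ValueError("SOCKS gateway must be reachable over IPv6")
    return {"path": "socks5", "connect_to": gateway,
            "greeting": SOCKS5_GREETING, "request": socks5_connect_request(host, port)}


if __name__ == "__main__":
    for target in ("dual.example", "legacy.example"):
        print(target, plan_connection(target, 80))
```

Because the request carries the host name rather than an address, the v6-only client never needs a v4 resolver path of its own, and the gateway sees every v4-only destination the client asks for.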