SlideShare uma empresa Scribd logo

2009 11 06 3gpp Ietf Ipv6 Shanghai Nat64

Y
yacc2000
Tecnologia
1 de 23
Baixar para ler offline
DNS64 and NAT64 IPv6 Migration workshop for IETF and 3GPP November 5-6, 2009 Shanghai, China Simon Perreault Viagénie simon.perreault@viagenie.ca http://www.viagenie.ca
Credentials ● Participation in the IETF BEHAVE WG – NAT traversal ● Author of a STUN and TURN server (numb.viagenie.ca) ● Editor of TURN-IPv6, TURN-TCP, ICE-TCP – IPv6 transition (== NAT removal?) ● Author of three implementations of DNS64. ● Working on three implementations of NAT64. ● Co-ported the Asterisk open-source PBX to IPv6. ● Ported the FreeSWITCH open-source PBX to IPv6. ● Consulting in IP networking at Viagénie in Québec, Canada. Copyright Viagénie 2009 2
Plan ● Tell me again: Why was NAT-PT deprecated? ● How are DNS64/NAT64 different? ● What about the other IPv6 transition technologies? ● ALGs: Do we really need them? ● How to deploy and scale? ● Our open-source DNS64/NAT64 implementations Copyright Viagénie 2009 3
Deprecation of NAT-PT ● Described in [RFC4996]. ● Issues with NAT-PT that do not apply to NAT64: – The NAT-PT box has to be the default router to snoop DNS queries. – For dual-stack hosts, the NAT-PT DNS-ALG returns both native and translated IPv6 addresses. – The NAT-PT DNS-ALG erroneously translates responses to DNS A queries from IPv6 network (and vice-versa). – One NAT binding is created per converted DNS RR, which may be more than needed. – NAT-PT is fully incompatible with DNSSEC. Copyright Viagénie 2009 4
NAT-PT for 3GPP ● From RFC4215: Appendix A - On the Use of Generic Translators in the 3GPP Networks [...] To minimize the problems associated with NAPT-PT, the following actions can be recommended: 1. Separate the DNS ALG from the NAPT-PT node (in the "IPv6 to IPv4" case). 2. Ensure (if possible) that NAPT-PT does not become a single point of failure. 3. Allow for load sharing between different translators. That is, it should be possible for different connections to go through different translators. Note that load sharing alone does not prevent NAPT-PT from becoming a single point of failure. Copyright Viagénie 2009 5
DNS64 and NAT64 ● DNS-ALG and translation functions are now separate. ● DNS64 is designed with DNSSEC in mind. ● NAT64 only deals with connections initiated from IPv6 to IPv4. – Constraining the problem space generally results in simpler, cleaner, more robust and scalable solutions. ● NAT64 doesn't need to be the default router. ● NAT64 benefits from better knowledge of NAT. Copyright Viagénie 2009 6
IPv6 network to IPv4 Internet NAT64 IPv4 Internet IPv6 Network Client Server DNS64 Connection Initiation Copyright Viagénie 2009 7
Example ● IPv6 network → 2001:db8::/64 ● NAT64 → 2001:db8::1 ● DNS64 → 2001:db8::2 ● NAT64 public IPv4 pool → 192.0.2.0/24 ● Pref64::/n → 2001:db8:8000::/96 Copyright Viagénie 2009 8
Example Auth. IPv6 Client DNS64 DNS NAT64 IPv4 Server DNS Query AAAA example.com DNS Query AAAA example.com DNS Response NXDOMAIN DNS Query A example.com DNS Response DNS Response A 203.0.113.1 AAAA 2001:db8:8000::203.0.113.1 TCP over IPv6 Destination: [2001:db8:8000::203.0.113.1]:80 Allocate NAT Source: [2001:db8::xyz]:abc binding TCP over IPv4 Destination: 203.0.113.1:80 Source: 192.0.2.45:6853 Copyright Viagénie 2009 9
IPv6 Internet to IPv4 network NAT64 IPv6 Internet IPv4 Network Server Client DNS64 Connection Initiation Copyright Viagénie 2009 10
NAT64 uses the least amount of evil possible ● Builds upon years of work on IPv4 NATs by BEHAVE working group. – [RFC4787], [RFC5382], [RFC5508], [RFC5389], and others ● NAT mapping behavior is endpoint-independent. ● NAT filtering is optional. – If enabled, behavior is address-dependent. ● TCP simultaneous-open works. ● Hairpinning works. ● Result: NAT traversal works (e.g. SIP with ICE) Copyright Viagénie 2009 11
NAT64 vs. others ● PNAT [draft-huang-behave-pnat] – Not in conflict with NAT64. – PNAT is a bump-in-the-stack technology to enable IPv4 applications to use IPv6 network for communication. – There needs to be a NAT64 in the network (modified a little). – PNAT performs DNS64 in the host. – IPv4 → IPv6 → IPv4 (PNAT) (NAT64) NAT64 Client IPv4 Internet IPv4 app. IPv6 Network PNAT, DNS64 Copyright Viagénie 2009 Server 12
NAT64 vs. others ● IVI [draft-xli-behave-ivi] – Not in conflict with NAT64. – Constraint: IPv4 public address pool big enough to assign one IPv4 address to each IPv6-only client. – Stateless. – Double IVI: Support IPv4 applications on IPv6-connected client (like PNAT). Stateless Translator Client IPv4 Internet IPv4 app. IPv6 Network IVI Copyright Viagénie 2009 13 Server DNS64
NAT64 vs. others ● Virtual IPv6 connectivity [draft-vogt-durand-virtual-ip6-connectivity] – Not in conflict with NAT64. – Different use case: IPv4 network to IPv6 Internet. – Support legacy IPv4 client devices when IPv6 Internet is well developed. – Stateful. – Communication between NAT and DNS. NAT46 IPv6 Internet IPv4 Network Client Copyright Viagénie 2009 Server 14 DNS46
ALGs ● From [RFC4924], “Reflections on Internet Transparency” (from Internet Architecture Board): No matter how well an ALG is implemented, barriers to transparency will emerge over time, so that the notion of a "transparent ALG" is a contradiction in terms. ● At the moment, an FTP ALG draft is being considered for adoption in the BEHAVE working group. – IPv6 client behind NAT64 thinks it is talking to IPv6 server and send an EPASV or EPORT command. – Server is really IPv4 and doesn't understand EPASV or EPORT. Copyright Viagénie 2009 15
ALGs ● SIP transition plan is to use ICE and TURN. [draft-ietf-sipping-v6-transition] – IPvX-only client asks TURN server for both IPv4 and IPv6 address allocations. – TURN server relays between IPv4 and IPv6. – This method could be applicable to many other protocols. ● URLs with IPv4 address literals – 2.38% of Alexa's top 1 million websites contain them. – HTTP proxy is more resource-intensive than NAT64. – Workaround: proxy auto-config file with regular expression. [draft-wing-behave-http-ip-address-literals] Copyright Viagénie 2009 16
Deployment ● Scaling – Same mechanisms as NAT44 ● Cold standby, hot standby (e.g. VRRP) ● Synchronizing state (e.g. pfsync) ● See e.g. [draft-xu-behave-nat64-standby] – DNS64-based load balancing ● Multiple NAT64 boxes, each with its own Pref64::/n. ● Sems to be safe: – Choose a Pref64::/n based on DNS query destination address. ● Seems to not be so safe: – Choose a Pref64::/n based on DNS query source address. Copyright Viagénie 2009 17
Deployment ● From [draft-ietf-behave-v6v4-framework]: As a general rule, a simple operational recommendation will work around many application issues, which is that there should be a server in each domain or an instance of the server should have an interface in each domain NAT64 DNS64 SMTP MTA IPv4 Internet IPv6 Network SIP proxy Client Copyright Viagénie 2009 18 ... Server
Ecdysis: Open-Source DNS64 and NAT64 ● Funded by NLnet and Viagénie. ● Ecdysis refers to the molting of the cuticula in arthropods, as an analogy of IPv4 molting into IPv6. After molting, the arthropod is fresh and ready to grow! Arthropods is also the expertise of the 5 years old son of one of the project leads... Copyright Viagénie 2009 19
Ecdysis: Open-Source DNS64 and NAT64 ● Three open-source implementations of DNS64 – A stand-alone implementation written in Perl for experimentation purposes. – A patch for Bind. – A patch for Unbound. – Available now at http://ecdysis.viagenie.ca ● Three open-source implementations of NAT64 – A stand-alone implementation using libpcap for experimentation purposes. – A patch for OpenBSD's pf. – A patch for Linux's Netfilter (iptables). – Available soon... Copyright Viagénie 2009 20
Implementation Considerations ● The “good NAT” behavior is different from that of pf and Netfilter. Needs separate state data structures. ● NAT64 changes the whole headers at once. pf works in two separate phases: destination first, then source. – Can't fit in the translation model pf is based on. ● Unbound is modular, Bind is monolithic. ● Found issue with TTL of synthetic AAAA records. Solution now part of the spec. – TTL(synth. AAAA) = min( TTL(A), TTL(SOA) ) ● IPv4 access for DNS64 server not needed. – Is this useful? Maybe not. Copyright Viagénie 2009 21
Conclusion ● NAT64 is a part of your IPv6 transition toolbox. ● Don't over-engineer it. It's only for transition. Copyright Viagénie 2009 22
Questions? simon.perreault@viagenie.ca This presentation: http://www.viagenie.ca/publications/ References – Open-source DNS64 and NAT64: http://ecdysis.viagenie.ca – NAT64: [draft-ietf-behave-xlate-stateful] – DNS64: [draft-ietf-behave-dns64] Copyright Viagénie 2009 23

Recomendados

NAT64 en LACNIC 18: Experimentos con NAT64 sin estado
NAT64 en LACNIC 18: Experimentos con NAT64 sin estadoNAT64 en LACNIC 18: Experimentos con NAT64 sin estado
NAT64 en LACNIC 18: Experimentos con NAT64 sin estadoCarlos Martinez Cagnazzo
 
NAT64 and DNS64 in 30 minutes
NAT64 and DNS64 in 30 minutesNAT64 and DNS64 in 30 minutes
NAT64 and DNS64 in 30 minutesIvan Pepelnjak
 
6Rd
6Rd6Rd
6RdFred Bovy
 
Upcoming internet challenges
Upcoming internet challengesUpcoming internet challenges
Upcoming internet challengesIvan Pepelnjak
 
IPv6 Transition Techniques
IPv6 Transition TechniquesIPv6 Transition Techniques
IPv6 Transition TechniquesAPNIC
 
Ipv6
Ipv6Ipv6
Ipv6Yan Drugalya
 
IPv6 Transition Strategies
IPv6 Transition StrategiesIPv6 Transition Strategies
IPv6 Transition StrategiesAPNIC
 
Robert Raszuk - Technologies for IPv4/IPv6 coexistance
Robert Raszuk - Technologies for IPv4/IPv6 coexistanceRobert Raszuk - Technologies for IPv4/IPv6 coexistance
Robert Raszuk - Technologies for IPv4/IPv6 coexistancePROIDEA
 

Recomendados

NAT64 en LACNIC 18: Experimentos con NAT64 sin estado
NAT64 en LACNIC 18: Experimentos con NAT64 sin estadoNAT64 en LACNIC 18: Experimentos con NAT64 sin estado
NAT64 en LACNIC 18: Experimentos con NAT64 sin estadoCarlos Martinez Cagnazzo
 
NAT64 and DNS64 in 30 minutes
NAT64 and DNS64 in 30 minutesNAT64 and DNS64 in 30 minutes
NAT64 and DNS64 in 30 minutesIvan Pepelnjak
 
6Rd
6Rd6Rd
6RdFred Bovy
 
Upcoming internet challenges
Upcoming internet challengesUpcoming internet challenges
Upcoming internet challengesIvan Pepelnjak
 
IPv6 Transition Techniques
IPv6 Transition TechniquesIPv6 Transition Techniques
IPv6 Transition TechniquesAPNIC
 
Ipv6
Ipv6Ipv6
Ipv6Yan Drugalya
 
IPv6 Transition Strategies
IPv6 Transition StrategiesIPv6 Transition Strategies
IPv6 Transition StrategiesAPNIC
 
Robert Raszuk - Technologies for IPv4/IPv6 coexistance
Robert Raszuk - Technologies for IPv4/IPv6 coexistanceRobert Raszuk - Technologies for IPv4/IPv6 coexistance
Robert Raszuk - Technologies for IPv4/IPv6 coexistancePROIDEA
 
IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 Fukuoka
IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 FukuokaIPv4 over IPv6 in the Venue, APRICOT-APAN 2015 Fukuoka
IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 FukuokaAPNIC
 
Introduction of ipv6
Introduction of ipv6Introduction of ipv6
Introduction of ipv6KaushikMajumder22
 
Ipv6
Ipv6Ipv6
Ipv6maha5960
 
Content over IPv6: no excuses
Content over IPv6: no excusesContent over IPv6: no excuses
Content over IPv6: no excusesIvan Pepelnjak
 
Deploying IPv6 - planning, common pitfalls and security-considerations
Deploying IPv6 - planning, common pitfalls and security-considerationsDeploying IPv6 - planning, common pitfalls and security-considerations
Deploying IPv6 - planning, common pitfalls and security-considerationsSpeedPartner GmbH
 
IPv6 introduction
IPv6 introductionIPv6 introduction
IPv6 introductionGuider Lee
 
Things I wish I had known about IPv6 before I started
Things I wish I had known about IPv6 before I startedThings I wish I had known about IPv6 before I started
Things I wish I had known about IPv6 before I startedFaelix Ltd
 
Leveraging IPv6 extension header for traffic engineering, by Eric Vyncke [APN...
Leveraging IPv6 extension header for traffic engineering, by Eric Vyncke [APN...Leveraging IPv6 extension header for traffic engineering, by Eric Vyncke [APN...
Leveraging IPv6 extension header for traffic engineering, by Eric Vyncke [APN...APNIC
 
Getting started with IPv6
Getting started with IPv6Getting started with IPv6
Getting started with IPv6Private
 
Plug and Play Using Prefix Delegation Mechanism
Plug and Play Using Prefix Delegation MechanismPlug and Play Using Prefix Delegation Mechanism
Plug and Play Using Prefix Delegation MechanismShinsuke SUZUKI
 
Compiling P4 to XDP, IOVISOR Summit 2017
Compiling P4 to XDP, IOVISOR Summit 2017Compiling P4 to XDP, IOVISOR Summit 2017
Compiling P4 to XDP, IOVISOR Summit 2017Cheng-Chun William Tu
 
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server Adapters
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server AdaptersP4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server Adapters
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server AdaptersOpen-NFP
 
Your Slice of the IPv6 Cake
Your Slice of the IPv6 CakeYour Slice of the IPv6 Cake
Your Slice of the IPv6 CakeRIPE NCC
 
P4 for Custom Identification, Flow Tagging, Monitoring and Control
P4 for Custom Identification, Flow Tagging, Monitoring and ControlP4 for Custom Identification, Flow Tagging, Monitoring and Control
P4 for Custom Identification, Flow Tagging, Monitoring and ControlOpen-NFP
 
MAP-E as IPv4 over IPv6 Technology
MAP-E as IPv4 over IPv6 TechnologyMAP-E as IPv4 over IPv6 Technology
MAP-E as IPv4 over IPv6 TechnologyAkira Nakagawa
 
Stacks and Layers: Integrating P4, C, OVS and OpenStack
Stacks and Layers: Integrating P4, C, OVS and OpenStackStacks and Layers: Integrating P4, C, OVS and OpenStack
Stacks and Layers: Integrating P4, C, OVS and OpenStackOpen-NFP
 
Accelerating Networked Applications with Flexible Packet Processing
Accelerating Networked Applications with Flexible Packet ProcessingAccelerating Networked Applications with Flexible Packet Processing
Accelerating Networked Applications with Flexible Packet ProcessingOpen-NFP
 
Technology Updates in IPv6
Technology Updates in IPv6Technology Updates in IPv6
Technology Updates in IPv6Shinsuke SUZUKI
 
OARC 26: Scoring the Root Server System
OARC 26: Scoring the Root Server SystemOARC 26: Scoring the Root Server System
OARC 26: Scoring the Root Server SystemAPNIC
 
IPv6
IPv6IPv6
IPv6Deepraj Bhujel
 
Successes and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICSuccesses and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICAPNIC
 
OpenStack Neutron IPv6 Lessons
OpenStack Neutron IPv6 LessonsOpenStack Neutron IPv6 Lessons
OpenStack Neutron IPv6 LessonsAkihiro Motoki
 

Mais conteúdo relacionado

Mais procurados

IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 Fukuoka
IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 FukuokaIPv4 over IPv6 in the Venue, APRICOT-APAN 2015 Fukuoka
IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 FukuokaAPNIC
 
Content over IPv6: no excuses
Content over IPv6: no excusesContent over IPv6: no excuses
Content over IPv6: no excusesIvan Pepelnjak
 
Deploying IPv6 - planning, common pitfalls and security-considerations
Deploying IPv6 - planning, common pitfalls and security-considerationsDeploying IPv6 - planning, common pitfalls and security-considerations
Deploying IPv6 - planning, common pitfalls and security-considerationsSpeedPartner GmbH
 
IPv6 introduction
IPv6 introductionIPv6 introduction
IPv6 introductionGuider Lee
 
Things I wish I had known about IPv6 before I started
Things I wish I had known about IPv6 before I startedThings I wish I had known about IPv6 before I started
Things I wish I had known about IPv6 before I startedFaelix Ltd
 
Leveraging IPv6 extension header for traffic engineering, by Eric Vyncke [APN...
Leveraging IPv6 extension header for traffic engineering, by Eric Vyncke [APN...Leveraging IPv6 extension header for traffic engineering, by Eric Vyncke [APN...
Leveraging IPv6 extension header for traffic engineering, by Eric Vyncke [APN...APNIC
 
Getting started with IPv6
Getting started with IPv6Getting started with IPv6
Getting started with IPv6Private
 
Plug and Play Using Prefix Delegation Mechanism
Plug and Play Using Prefix Delegation MechanismPlug and Play Using Prefix Delegation Mechanism
Plug and Play Using Prefix Delegation MechanismShinsuke SUZUKI
 
Compiling P4 to XDP, IOVISOR Summit 2017
Compiling P4 to XDP, IOVISOR Summit 2017Compiling P4 to XDP, IOVISOR Summit 2017
Compiling P4 to XDP, IOVISOR Summit 2017Cheng-Chun William Tu
 
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server Adapters
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server AdaptersP4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server Adapters
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server AdaptersOpen-NFP
 
Your Slice of the IPv6 Cake
Your Slice of the IPv6 CakeYour Slice of the IPv6 Cake
Your Slice of the IPv6 CakeRIPE NCC
 
P4 for Custom Identification, Flow Tagging, Monitoring and Control
P4 for Custom Identification, Flow Tagging, Monitoring and ControlP4 for Custom Identification, Flow Tagging, Monitoring and Control
P4 for Custom Identification, Flow Tagging, Monitoring and ControlOpen-NFP
 
MAP-E as IPv4 over IPv6 Technology
MAP-E as IPv4 over IPv6 TechnologyMAP-E as IPv4 over IPv6 Technology
MAP-E as IPv4 over IPv6 TechnologyAkira Nakagawa
 
Stacks and Layers: Integrating P4, C, OVS and OpenStack
Stacks and Layers: Integrating P4, C, OVS and OpenStackStacks and Layers: Integrating P4, C, OVS and OpenStack
Stacks and Layers: Integrating P4, C, OVS and OpenStackOpen-NFP
 
Accelerating Networked Applications with Flexible Packet Processing
Accelerating Networked Applications with Flexible Packet ProcessingAccelerating Networked Applications with Flexible Packet Processing
Accelerating Networked Applications with Flexible Packet ProcessingOpen-NFP
 
Technology Updates in IPv6
Technology Updates in IPv6Technology Updates in IPv6
Technology Updates in IPv6Shinsuke SUZUKI
 
OARC 26: Scoring the Root Server System
OARC 26: Scoring the Root Server SystemOARC 26: Scoring the Root Server System
OARC 26: Scoring the Root Server SystemAPNIC
 

Mais procurados (20)

IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 Fukuoka
IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 FukuokaIPv4 over IPv6 in the Venue, APRICOT-APAN 2015 Fukuoka
IPv4 over IPv6 in the Venue, APRICOT-APAN 2015 Fukuoka
 
Introduction of ipv6
Introduction of ipv6Introduction of ipv6
Introduction of ipv6
 
Ipv6
Ipv6Ipv6
Ipv6
 
Content over IPv6: no excuses
Content over IPv6: no excusesContent over IPv6: no excuses
Content over IPv6: no excuses
 
Deploying IPv6 - planning, common pitfalls and security-considerations
Deploying IPv6 - planning, common pitfalls and security-considerationsDeploying IPv6 - planning, common pitfalls and security-considerations
Deploying IPv6 - planning, common pitfalls and security-considerations
 
IPv6 introduction
IPv6 introductionIPv6 introduction
IPv6 introduction
 
Things I wish I had known about IPv6 before I started
Things I wish I had known about IPv6 before I startedThings I wish I had known about IPv6 before I started
Things I wish I had known about IPv6 before I started
 
Leveraging IPv6 extension header for traffic engineering, by Eric Vyncke [APN...
Leveraging IPv6 extension header for traffic engineering, by Eric Vyncke [APN...Leveraging IPv6 extension header for traffic engineering, by Eric Vyncke [APN...
Leveraging IPv6 extension header for traffic engineering, by Eric Vyncke [APN...
 
Getting started with IPv6
Getting started with IPv6Getting started with IPv6
Getting started with IPv6
 
Plug and Play Using Prefix Delegation Mechanism
Plug and Play Using Prefix Delegation MechanismPlug and Play Using Prefix Delegation Mechanism
Plug and Play Using Prefix Delegation Mechanism
 
Compiling P4 to XDP, IOVISOR Summit 2017
Compiling P4 to XDP, IOVISOR Summit 2017Compiling P4 to XDP, IOVISOR Summit 2017
Compiling P4 to XDP, IOVISOR Summit 2017
 
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server Adapters
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server AdaptersP4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server Adapters
P4-based VNF and Micro-VNF Chaining for Servers With Intelligent Server Adapters
 
Your Slice of the IPv6 Cake
Your Slice of the IPv6 CakeYour Slice of the IPv6 Cake
Your Slice of the IPv6 Cake
 
P4 for Custom Identification, Flow Tagging, Monitoring and Control
P4 for Custom Identification, Flow Tagging, Monitoring and ControlP4 for Custom Identification, Flow Tagging, Monitoring and Control
P4 for Custom Identification, Flow Tagging, Monitoring and Control
 
MAP-E as IPv4 over IPv6 Technology
MAP-E as IPv4 over IPv6 TechnologyMAP-E as IPv4 over IPv6 Technology
MAP-E as IPv4 over IPv6 Technology
 
Stacks and Layers: Integrating P4, C, OVS and OpenStack
Stacks and Layers: Integrating P4, C, OVS and OpenStackStacks and Layers: Integrating P4, C, OVS and OpenStack
Stacks and Layers: Integrating P4, C, OVS and OpenStack
 
Accelerating Networked Applications with Flexible Packet Processing
Accelerating Networked Applications with Flexible Packet ProcessingAccelerating Networked Applications with Flexible Packet Processing
Accelerating Networked Applications with Flexible Packet Processing
 
Technology Updates in IPv6
Technology Updates in IPv6Technology Updates in IPv6
Technology Updates in IPv6
 
OARC 26: Scoring the Root Server System
OARC 26: Scoring the Root Server SystemOARC 26: Scoring the Root Server System
OARC 26: Scoring the Root Server System
 
IPv6
IPv6IPv6
IPv6
 

Semelhante a 2009 11 06 3gpp Ietf Ipv6 Shanghai Nat64

Successes and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICSuccesses and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICAPNIC
 
OpenStack Neutron IPv6 Lessons
OpenStack Neutron IPv6 LessonsOpenStack Neutron IPv6 Lessons
OpenStack Neutron IPv6 LessonsAkihiro Motoki
 
Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504Erik Ginalick
 
Ipv Technical White Paper Wp111504
Ipv Technical White Paper Wp111504Ipv Technical White Paper Wp111504
Ipv Technical White Paper Wp111504Erik Ginalick
 
IPv6 in Mobile Networks
IPv6 in Mobile NetworksIPv6 in Mobile Networks
IPv6 in Mobile NetworksAPNIC
 
Direct access for dummies
Direct access for dummiesDirect access for dummies
Direct access for dummiesAlex de Jong
 
The IPv6-Only Network
The IPv6-Only NetworkThe IPv6-Only Network
The IPv6-Only NetworkAPNIC
 
Ccna rse chp9 nat fo i_pv4
Ccna rse chp9 nat fo i_pv4Ccna rse chp9 nat fo i_pv4
Ccna rse chp9 nat fo i_pv4newbie2019
 
IPv6 in Cellular Networks
IPv6 in Cellular NetworksIPv6 in Cellular Networks
IPv6 in Cellular NetworksAPNIC
 
APNIC Update
APNIC Update APNIC Update
APNIC Update APNIC
 
Cameron - TMO IPv6 Norway Meeting
Cameron - TMO IPv6 Norway MeetingCameron - TMO IPv6 Norway Meeting
Cameron - TMO IPv6 Norway MeetingIPv6no
 
Can NAT 64 Solve IPv4 Exhaustion | IPv4 Addresses | Address Space
Can NAT 64 Solve IPv4 Exhaustion | IPv4 Addresses | Address SpaceCan NAT 64 Solve IPv4 Exhaustion | IPv4 Addresses | Address Space
Can NAT 64 Solve IPv4 Exhaustion | IPv4 Addresses | Address SpaceIPv4Mall
 
Fb i pv6-sparchimanv1.0
Fb i pv6-sparchimanv1.0Fb i pv6-sparchimanv1.0
Fb i pv6-sparchimanv1.0Fred Bovy
 
Understanding i pv6 2
Understanding i pv6 2Understanding i pv6 2
Understanding i pv6 2srmanjuskp
 
Transition to ipv6 cgv6-edited
Transition to ipv6 cgv6-editedTransition to ipv6 cgv6-edited
Transition to ipv6 cgv6-editedFred Bovy
 
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...gogo6
 

Semelhante a 2009 11 06 3gpp Ietf Ipv6 Shanghai Nat64 (20)

Successes and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICSuccesses and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNIC
 
OpenStack Neutron IPv6 Lessons
OpenStack Neutron IPv6 LessonsOpenStack Neutron IPv6 Lessons
OpenStack Neutron IPv6 Lessons
 
I pv6
I pv6I pv6
I pv6
 
Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504
 
Ipv Technical White Paper Wp111504
Ipv Technical White Paper Wp111504Ipv Technical White Paper Wp111504
Ipv Technical White Paper Wp111504
 
IPv6 in Mobile Networks
IPv6 in Mobile NetworksIPv6 in Mobile Networks
IPv6 in Mobile Networks
 
Direct access for dummies
Direct access for dummiesDirect access for dummies
Direct access for dummies
 
The IPv6-Only Network
The IPv6-Only NetworkThe IPv6-Only Network
The IPv6-Only Network
 
Ccna rse chp9 nat fo i_pv4
Ccna rse chp9 nat fo i_pv4Ccna rse chp9 nat fo i_pv4
Ccna rse chp9 nat fo i_pv4
 
IPv6 in Cellular Networks
IPv6 in Cellular NetworksIPv6 in Cellular Networks
IPv6 in Cellular Networks
 
Enabling IPv6 Services Transparently
Enabling IPv6 Services TransparentlyEnabling IPv6 Services Transparently
Enabling IPv6 Services Transparently
 
APNIC Update
APNIC Update APNIC Update
APNIC Update
 
Cameron - TMO IPv6 Norway Meeting
Cameron - TMO IPv6 Norway MeetingCameron - TMO IPv6 Norway Meeting
Cameron - TMO IPv6 Norway Meeting
 
Can NAT 64 Solve IPv4 Exhaustion | IPv4 Addresses | Address Space
Can NAT 64 Solve IPv4 Exhaustion | IPv4 Addresses | Address SpaceCan NAT 64 Solve IPv4 Exhaustion | IPv4 Addresses | Address Space
Can NAT 64 Solve IPv4 Exhaustion | IPv4 Addresses | Address Space
 
Fb i pv6-sparchimanv1.0
Fb i pv6-sparchimanv1.0Fb i pv6-sparchimanv1.0
Fb i pv6-sparchimanv1.0
 
Understanding i pv6 2
Understanding i pv6 2Understanding i pv6 2
Understanding i pv6 2
 
Transition to ipv6 cgv6-edited
Transition to ipv6 cgv6-editedTransition to ipv6 cgv6-edited
Transition to ipv6 cgv6-edited
 
Neutron IPv6
Neutron IPv6Neutron IPv6
Neutron IPv6
 
IPv6 on the Interop Network
IPv6 on the Interop NetworkIPv6 on the Interop Network
IPv6 on the Interop Network
 
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
 

Último

The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Último (20)

The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

2009 11 06 3gpp Ietf Ipv6 Shanghai Nat64

  • 1. DNS64 and NAT64 IPv6 Migration workshop for IETF and 3GPP November 5-6, 2009 Shanghai, China Simon Perreault Viagénie simon.perreault@viagenie.ca http://www.viagenie.ca
  • 2. Credentials ● Participation in the IETF BEHAVE WG – NAT traversal ● Author of a STUN and TURN server (numb.viagenie.ca) ● Editor of TURN-IPv6, TURN-TCP, ICE-TCP – IPv6 transition (== NAT removal?) ● Author of three implementations of DNS64. ● Working on three implementations of NAT64. ● Co-ported the Asterisk open-source PBX to IPv6. ● Ported the FreeSWITCH open-source PBX to IPv6. ● Consulting in IP networking at Viagénie in Québec, Canada. Copyright Viagénie 2009 2
  • 3. Plan ● Tell me again: Why was NAT-PT deprecated? ● How are DNS64/NAT64 different? ● What about the other IPv6 transition technologies? ● ALGs: Do we really need them? ● How to deploy and scale? ● Our open-source DNS64/NAT64 implementations Copyright Viagénie 2009 3
  • 4. Deprecation of NAT-PT ● Described in [RFC4996]. ● Issues with NAT-PT that do not apply to NAT64: – The NAT-PT box has to be the default router to snoop DNS queries. – For dual-stack hosts, the NAT-PT DNS-ALG returns both native and translated IPv6 addresses. – The NAT-PT DNS-ALG erroneously translates responses to DNS A queries from IPv6 network (and vice-versa). – One NAT binding is created per converted DNS RR, which may be more than needed. – NAT-PT is fully incompatible with DNSSEC. Copyright Viagénie 2009 4
  • 5. NAT-PT for 3GPP ● From RFC4215: Appendix A - On the Use of Generic Translators in the 3GPP Networks [...] To minimize the problems associated with NAPT-PT, the following actions can be recommended: 1. Separate the DNS ALG from the NAPT-PT node (in the "IPv6 to IPv4" case). 2. Ensure (if possible) that NAPT-PT does not become a single point of failure. 3. Allow for load sharing between different translators. That is, it should be possible for different connections to go through different translators. Note that load sharing alone does not prevent NAPT-PT from becoming a single point of failure. Copyright Viagénie 2009 5
  • 6. DNS64 and NAT64 ● DNS-ALG and translation functions are now separate. ● DNS64 is designed with DNSSEC in mind. ● NAT64 only deals with connections initiated from IPv6 to IPv4. – Constraining the problem space generally results in simpler, cleaner, more robust and scalable solutions. ● NAT64 doesn't need to be the default router. ● NAT64 benefits from better knowledge of NAT. Copyright Viagénie 2009 6
  • 7. IPv6 network to IPv4 Internet NAT64 IPv4 Internet IPv6 Network Client Server DNS64 Connection Initiation Copyright Viagénie 2009 7
  • 8. Example ● IPv6 network → 2001:db8::/64 ● NAT64 → 2001:db8::1 ● DNS64 → 2001:db8::2 ● NAT64 public IPv4 pool → 192.0.2.0/24 ● Pref64::/n → 2001:db8:8000::/96 Copyright Viagénie 2009 8
  • 9. Example Auth. IPv6 Client DNS64 DNS NAT64 IPv4 Server DNS Query AAAA example.com DNS Query AAAA example.com DNS Response NXDOMAIN DNS Query A example.com DNS Response DNS Response A 203.0.113.1 AAAA 2001:db8:8000::203.0.113.1 TCP over IPv6 Destination: [2001:db8:8000::203.0.113.1]:80 Allocate NAT Source: [2001:db8::xyz]:abc binding TCP over IPv4 Destination: 203.0.113.1:80 Source: 192.0.2.45:6853 Copyright Viagénie 2009 9
  • 10. IPv6 Internet to IPv4 network NAT64 IPv6 Internet IPv4 Network Server Client DNS64 Connection Initiation Copyright Viagénie 2009 10
  • 11. NAT64 uses the least amount of evil possible ● Builds upon years of work on IPv4 NATs by BEHAVE working group. – [RFC4787], [RFC5382], [RFC5508], [RFC5389], and others ● NAT mapping behavior is endpoint-independent. ● NAT filtering is optional. – If enabled, behavior is address-dependent. ● TCP simultaneous-open works. ● Hairpinning works. ● Result: NAT traversal works (e.g. SIP with ICE) Copyright Viagénie 2009 11
  • 12. NAT64 vs. others ● PNAT [draft-huang-behave-pnat] – Not in conflict with NAT64. – PNAT is a bump-in-the-stack technology to enable IPv4 applications to use IPv6 network for communication. – There needs to be a NAT64 in the network (modified a little). – PNAT performs DNS64 in the host. – IPv4 → IPv6 → IPv4 (PNAT) (NAT64) NAT64 Client IPv4 Internet IPv4 app. IPv6 Network PNAT, DNS64 Copyright Viagénie 2009 Server 12
  • 13. NAT64 vs. others ● IVI [draft-xli-behave-ivi] – Not in conflict with NAT64. – Constraint: IPv4 public address pool big enough to assign one IPv4 address to each IPv6-only client. – Stateless. – Double IVI: Support IPv4 applications on IPv6-connected client (like PNAT). Stateless Translator Client IPv4 Internet IPv4 app. IPv6 Network IVI Copyright Viagénie 2009 13 Server DNS64
  • 14. NAT64 vs. others ● Virtual IPv6 connectivity [draft-vogt-durand-virtual-ip6-connectivity] – Not in conflict with NAT64. – Different use case: IPv4 network to IPv6 Internet. – Support legacy IPv4 client devices when IPv6 Internet is well developed. – Stateful. – Communication between NAT and DNS. NAT46 IPv6 Internet IPv4 Network Client Copyright Viagénie 2009 Server 14 DNS46
  • 15. ALGs ● From [RFC4924], “Reflections on Internet Transparency” (from Internet Architecture Board): No matter how well an ALG is implemented, barriers to transparency will emerge over time, so that the notion of a "transparent ALG" is a contradiction in terms. ● At the moment, an FTP ALG draft is being considered for adoption in the BEHAVE working group. – IPv6 client behind NAT64 thinks it is talking to IPv6 server and send an EPASV or EPORT command. – Server is really IPv4 and doesn't understand EPASV or EPORT. Copyright Viagénie 2009 15
  • 16. ALGs ● SIP transition plan is to use ICE and TURN. [draft-ietf-sipping-v6-transition] – IPvX-only client asks TURN server for both IPv4 and IPv6 address allocations. – TURN server relays between IPv4 and IPv6. – This method could be applicable to many other protocols. ● URLs with IPv4 address literals – 2.38% of Alexa's top 1 million websites contain them. – HTTP proxy is more resource-intensive than NAT64. – Workaround: proxy auto-config file with regular expression. [draft-wing-behave-http-ip-address-literals] Copyright Viagénie 2009 16
  • 17. Deployment ● Scaling – Same mechanisms as NAT44 ● Cold standby, hot standby (e.g. VRRP) ● Synchronizing state (e.g. pfsync) ● See e.g. [draft-xu-behave-nat64-standby] – DNS64-based load balancing ● Multiple NAT64 boxes, each with its own Pref64::/n. ● Sems to be safe: – Choose a Pref64::/n based on DNS query destination address. ● Seems to not be so safe: – Choose a Pref64::/n based on DNS query source address. Copyright Viagénie 2009 17
  • 18. Deployment ● From [draft-ietf-behave-v6v4-framework]: As a general rule, a simple operational recommendation will work around many application issues, which is that there should be a server in each domain or an instance of the server should have an interface in each domain NAT64 DNS64 SMTP MTA IPv4 Internet IPv6 Network SIP proxy Client Copyright Viagénie 2009 18 ... Server
  • 19. Ecdysis: Open-Source DNS64 and NAT64 ● Funded by NLnet and Viagénie. ● Ecdysis refers to the molting of the cuticula in arthropods, as an analogy of IPv4 molting into IPv6. After molting, the arthropod is fresh and ready to grow! Arthropods is also the expertise of the 5 years old son of one of the project leads... Copyright Viagénie 2009 19
  • 20. Ecdysis: Open-Source DNS64 and NAT64 ● Three open-source implementations of DNS64 – A stand-alone implementation written in Perl for experimentation purposes. – A patch for Bind. – A patch for Unbound. – Available now at http://ecdysis.viagenie.ca ● Three open-source implementations of NAT64 – A stand-alone implementation using libpcap for experimentation purposes. – A patch for OpenBSD's pf. – A patch for Linux's Netfilter (iptables). – Available soon... Copyright Viagénie 2009 20
  • 21. Implementation Considerations ● The “good NAT” behavior is different from that of pf and Netfilter. Needs separate state data structures. ● NAT64 changes the whole headers at once. pf works in two separate phases: destination first, then source. – Can't fit in the translation model pf is based on. ● Unbound is modular, Bind is monolithic. ● Found issue with TTL of synthetic AAAA records. Solution now part of the spec. – TTL(synth. AAAA) = min( TTL(A), TTL(SOA) ) ● IPv4 access for DNS64 server not needed. – Is this useful? Maybe not. Copyright Viagénie 2009 21
  • 22. Conclusion ● NAT64 is a part of your IPv6 transition toolbox. ● Don't over-engineer it. It's only for transition. Copyright Viagénie 2009 22
  • 23. Questions? simon.perreault@viagenie.ca This presentation: http://www.viagenie.ca/publications/ References – Open-source DNS64 and NAT64: http://ecdysis.viagenie.ca – NAT64: [draft-ietf-behave-xlate-stateful] – DNS64: [draft-ietf-behave-dns64] Copyright Viagénie 2009 23