The presentation is about v6-only network deployments using NAT64+DNS64 and does not necessarily suggest eliminating dual stack.
The major focus of the talk is the value of v6-only deployments and an example of a simple deployment using Jool and Bind9 on Ubuntu Server.
4. More checks
• v6-only host can SSH to v4-only machine:
$ ssh awal@64:ff9b::192.168.51.160
awal@64:ff9b::192.168.51.160's password:
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-87-generic x86_64)
Last login: Thu Apr 11 16:12:24 2019 from 192.168.34.49
$
5. What is an IPv6-Only network?
• Not dual-stack
• Users get only IPv6 network parameters (i.e. Address, Prefix, Gateway and DNS)
• Local gateway routes only IPv6, no IPv4
• Most routers and infrastructure have only IPv6 addresses
• IPv4 is offered to users as a service, over IPv6
• Protocol translations required for IPv4 only destinations
6. Why go v6-only?
• Operational Simplicity
- Single stack infrastructure
• Avoids doing redundant tasks:
- 2x ACLs / firewall rules
- 2x monitoring targets
- 2x places where errors can occur
• Doing NAT that actually gets smaller day by day (NAT64)
- Solving current IPv4 issues
- Getting rid of expensive CGNAT
• Enhanced security
- Reduction of attack surface
7. Building blocks
• Address distribution
- SLAAC/DHCPv6
• NAT64 (RFC 6144-6146)
- Supported by OEMs
- Server based tools: Jool, Tayga etc.
• DNS64 (RFC 6147)
- Included in Bind9
- Google public DNS64
• Support of IPv6 at end-user device
- No additional configuration is required
8. Topology consideration (It’s not a mandatory in-line thing)
[Figure: topology diagrams. Labels: Router, SLAAC, DHCPv6, NAT64, DNS64, Internet; links marked v6, v4 and v6+v4]
9. Tools used for our v6-only network
• One box did it all
- Ubuntu Server 16.04 LTS
• Address distribution
- SLAAC with RADVD
• NAT64
- Jool 4.0.0
- NAT64 prefix: 64:ff9b::/96
• DNS64
- Bind9
• Wireless AP
- MikroTik
[Figure: Ubuntu Server with radvd, jool and bind9; links marked v6+v4 and v6; Internet]
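
How the NAT64 prefix 64:ff9b::/96 from slide 9 turns an IPv4 address into the IPv6 address used in the SSH check on slide 4 (RFC 6052 embedding, which DNS64 uses to synthesize AAAA records), and how to map such an address back to IPv4 when reviewing IPv6 firewall rules or logs. This is an added example, not part of the original slides; it goes beyond the /96 case to cover every RFC 6052 prefix length, and the function names and sample destinations are constructed for illustration.

```python
import ipaddress

# RFC 6052 section 2.2 prefix lengths. Bits 64-71 (octet 8, "u") are reserved
# and stay zero, so the IPv4 bytes are written around that octet.
ALLOWED = (32, 40, 48, 56, 64, 96)

def _positions(prefixlen):
    """Octet offsets that carry the four IPv4 bytes for this prefix length."""
    if prefixlen not in ALLOWED:
        raise ValueError("prefix length must be one of %r" % (ALLOWED,))
    offsets, pos = [], prefixlen // 8
    while len(offsets) < 4:
        if pos != 8:              # skip the reserved octet
            offsets.append(pos)
        pos += 1
    return offsets

def embed(prefix, v4):
    """IPv6 address a DNS64 resolver synthesizes for an IPv4-only name."""
    net = ipaddress.IPv6Network(prefix)
    out = bytearray(net.network_address.packed)
    offsets = _positions(net.prefixlen)
    if out[8] != 0:
        raise ValueError("bits 64-71 of the prefix must be zero")
    for off, byte in zip(offsets, ipaddress.IPv4Address(v4).packed):
        out[off] = byte
    return ipaddress.IPv6Address(bytes(out))

def extract(prefix, v6):
    """IPv4 address embedded in v6, or None if v6 is outside the prefix."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(v6)
    if addr not in net:
        return None
    raw = addr.packed
    return ipaddress.IPv4Address(bytes(raw[o] for o in _positions(net.prefixlen)))

def review(prefix, dst):
    """Label a destination from a firewall or flow log for ACL review."""
    v4 = extract(prefix, dst)
    if v4 is None:
        return "native-v6"
    scope = "private" if v4.is_private else "global"
    return "nat64 -> %s (%s)" % (v4, scope)

if __name__ == "__main__":
    # Constructed sample destinations; the first is the address from the SSH check.
    for dst in ("64:ff9b::192.168.51.160", "64:ff9b::808:808", "2001:db8::1"):
        print(dst, "=>", review("64:ff9b::/96", dst))
```

An IPv6 rule that permits a destination inside the NAT64 prefix is in effect a rule about the embedded IPv4 host, so decoding it first shows what the single-stack ACL actually allows.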