Greenfield 464XLAT (In January)

Mark Andrews marka at isc.org
Wed Jun 10 22:37:38 UTC 2015


In message <CAD6AjGT8GZuS5_pu4+z2UcqOMFOn8k_i8GdtQ0bwmvy3Un1EOg at mail.gmail.com>
, Ca By writes:
> On Wed, Jun 10, 2015 at 1:22 PM, Nicholas Warren <nwarren at barryelectric.com>
> wrote:
> 
> > Sincere apologies if this e-mail is inappropriate for this audience,
> > We are (going to be) a startup ISP building a new network from the ground
> > up. I was hoping I could get an opinion, or two, on how everyone feels
> > about 464XLAT. I saw what everyone was saying about it in the 'Android
> > doesn't support DHCPv6' discussion, but what about in the wireline side of
> > things? The main reason we are even considering 464XLAT as opposed to
> > dual-stack (the latter is, in my ignorant opinion, the better option.) is
> > the fear of IPv4 depletion that we think might hit ARIN between now and the
> > start of next year; causing us to pay a premium for IPv4 in the gray
> > market. So I guess the real question here would be: is our fear real, or is
> > it just bug on the wall? If our fear is real, what should we implement so
> > that our users can still get to the v4 internet, are we even thinking
> > soberly by suggesting 464XLAT?
> > Thanks,
> > - Nich
> >
> >
> Yes, your fears about IPv4 are correct.
> 
> If you have a look at ARIN PPML lately, you can see some pretty intense
> "discussion" about companies exporting ARIN addresses to CCNIC and so on.
> 
> As a greenfield, you should definitely be focused on IPv6-only to the edge
> solutions.  DS-lite, MAP-E, and 464XLAT come to mind.
> 
> DS-lite is the oldest and most common in wireline.  464XLAT is more common
> in mobile. MAP-E and MAP-T have not yet been deployed at the same scale as
> DS-lite and 464XLAT yet AFAIK, not sure if they will be.
> 
> You could also simply do dual-stack with private space and CGN to the end
> user using RFC1918 (10.0.0.0/8,  100.64.0.0/10)
> 
> Regards,
> CB

464XLAT is a abomination that grew from NAT64/DNS64 despite DNS64
not working with DNSSEC.  NAT64/DNS64 was pushed as a "short term
solution" as DNS64 cuts off IPv4 access if there is a IPv6 address
for the remote site as the client only asks for AAAA addresses.

In practice the address selection rules move most traffic from IPv4
to IPv6 anyway so there is no need to have DNS64.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the NANOG mailing list