quietly....

Mark Andrews marka at isc.org
Fri Feb 4 16:44:00 CST 2011


In message <FE7943DF-6A3A-478F-AF40-DE4D3592FB1D at puck.nether.net>, Jared Mauch 
writes:
> 
> On Feb 4, 2011, at 4:32 PM, Mark Andrews wrote:
> 
> >
> > In message <201102041140.42719.lowen at pari.edu>, Lamar Owen writes:
> >> On Friday, February 04, 2011 09:05:09 am Derek J. Balling wrote:
> >>> I think they'll eventually notice a difference. How will an IPv4-only
> >>> internal host know what to do with an IPv6 AAAA record it gets from a DNS
> >>> lookup?
> >>
> >> If the CPE is doing DNS proxy (most do) then it can map the AAAA record to an
> >> A record it passes to the internal client, with an internal address for the
> >> record chosen from RFC1918 space, and perform IPv4-IPv6 1:1 NAT from the
> >> assigned RFC1918 address to the external IPv6 address from the AAAA record (since
> >> you have at least a /64 at your CPE, you can even use the RFC1918 address in
> >> the lower 32 bits.... :-P).
> >>
> >> This may already be a standard, or a draft, or implemented somewhere; I don't
> >> know.  But that is how I would do it, just thinking off the top of my head.
> >>
> >
> > DS-lite delivers an IPv4 softwire over an IPv6 upstream.  It also
> > introduces less problems than NAT64 as it works with DNSSEC and
> > with IPv4 literal.  Along with DS-lite there is a UPNP replacement
> > designed to work with distributed NATs (DS-Lite (AFTR+B4) and NAT444
> > (LSN + CPE NAT)) so that holes can be punched through multiple devices
> > if needed.
> 
> I've yet to see a version of ALG that isn't buggy (eg: Cisco SIP-ALG,
> 2Wire/ATT uverse sip-alg is seriously broken, same for either dlink or
> netgear... we have to turn it off otherwise it does bad things).

And you reported the bugs.
 
> I'm sure that LSN activity is going to work "great" for the carriers.

Yes it is a worry which is why we want people to move to IPv6 and
not use NAT.  Less things to go wrong.  A firewall only has to react
to the traffic not re-write it.  One less thing to go wrong.

> - jared
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



