Re: IPv6 support in d-i



Hi,

[ off-topic for boot@, hence dropped ]

On Sun, Sep 09, 2012 at 11:34:31AM +0200, Florian Lohoff wrote:
> On Sat, Sep 08, 2012 at 11:43:11PM +0200, Philipp Kern wrote:
> > Probably not RFC1918 addresses, but CGN ranges. And it's probably DNS64 which
> > breaks "stuff", rather than NAT64. There's also an effort in the IETF to spec
> > out 464XLAT, which will help the remaining cases of old software / network
> > stacks.
> NAT64 without DNS64 is of no real use - so yes - I meant DNS64 - It
> breaks at least DNSSEC and still NAT64 will most likely not work for all
> the little interesting protocols like SIP, FTP and the like because ALGs
> are too expensive for the vendors. On the other hand CGN (with the
> 100.64.0.0/10 address space) will most likely also not support ALGs, but
> in NAT44 world we are dealing with this for years.

I think they will do inspection for SIP, FTP and the like. Current NAT boxes
already do. But then I loathe it because it does not work at all if any
encryption is employed.

NAT64 without DNS64 would be of real use if the stacks could be told the
translation space.

> > But as Bastian said, and which you ignored, there's DS-lite for tunneling of
> > IPv4 over IPv6 to the provider. Which is not exactly NAT44.
> Right - DS Lite is tunneling - but the IPv4 depletion will not be
> solved by it. You simply change the endpoint of your v4 session.
> 
> I have seen DS Lite on PowerPoint from big ISPs like DTAG and
> O2/Telefonica and I have seen it on PowerPoint from Vendors like Juniper,
> Cisco and Ericsson/Redback. Yet I fail to find a good explanation what
> DS Lite solves? What is the benefit to Dual Stack?

You tunnel IPv4 over IPv6. Hence the CPE only needs to communicate by IPv6 on
the WAN side. The CPE also sees the internal IPs behind the CPE (no NAT44 on
the CPE) and sets up a mapping from [IPv4, Port] to [IPv6, internal IPv4,
internal Port]. So you save the double NAT44. Some CGNs seem to be able to do
UPnP for port forwards, too (as the CGN sees the internal address in the CPE's
LAN, it can forward the packets to the right place).

But then obviously this is stateful. Cisco and the IETF seem to develop
something called MAP which is stateless and maps v6 address info into v4
address and port number. Crazy stuff.

> One reason this might get interesting is Vendor Licensing or Linecard
> Codespace - A Dualstack session requires twice the amount of resources
> on the linecards so all vendors halved their max-subscriber count with
> Dualstack. If one shifts away the CGN/DS Lite concentrator from the
> BRAS one could save resources. But it's just a matter of shifting
> resources and money around. RFC1925 (6) It is easier to move a problem
> around than it is to solve it. 1)

With DS-lite you only need one IPv6 session on the BRAS.

Kind regards
Philipp Kern

Attachment: signature.asc
Description: Digital signature
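
The DS-lite mapping described in the message above, as an added example that is not part of the original mail: a toy model of the CGN's stateful binding table, keyed on the CPE's IPv6 tunnel address so that two subscribers can reuse the same internal IPv4 address and port without a NAT44 on the CPE. The class name, the addresses (documentation ranges) and the port pool are constructed for illustration.

```python
import ipaddress
from typing import Dict, Tuple

# Key inside the CGN: (CPE tunnel IPv6, internal IPv4, internal port).
Inner = Tuple[ipaddress.IPv6Address, ipaddress.IPv4Address, int]
# Key on the Internet side: (shared public IPv4, external port).
Outer = Tuple[ipaddress.IPv4Address, int]


class DsLiteBindingTable:
    """Toy stateful binding table for a DS-lite CGN (hypothetical class)."""

    def __init__(self, public_ip: str, first_port: int = 1024, last_port: int = 65535):
        self.public_ip = ipaddress.IPv4Address(public_ip)
        self.next_port = first_port
        self.last_port = last_port
        self.out: Dict[Inner, Outer] = {}
        self.back: Dict[Outer, Inner] = {}

    def outbound(self, cpe_v6: str, src_v4: str, src_port: int) -> Outer:
        """Map a decapsulated flow to [public IPv4, port], allocating on first use."""
        inner = (ipaddress.IPv6Address(cpe_v6), ipaddress.IPv4Address(src_v4), src_port)
        if inner not in self.out:
            if self.next_port > self.last_port:
                raise RuntimeError("public port pool exhausted")
            outer = (self.public_ip, self.next_port)
            self.next_port += 1
            self.out[inner] = outer
            self.back[outer] = inner
        return self.out[inner]

    def inbound(self, dst_port: int) -> Inner:
        """Reverse lookup: which tunnel and internal host owns this public port."""
        return self.back[(self.public_ip, dst_port)]


def demo():
    cgn = DsLiteBindingTable("192.0.2.1")  # constructed documentation address
    # Two subscribers, both using 192.168.1.10:5060 behind their own CPE.
    a = cgn.outbound("2001:db8:a::1", "192.168.1.10", 5060)
    b = cgn.outbound("2001:db8:b::1", "192.168.1.10", 5060)
    again = cgn.outbound("2001:db8:a::1", "192.168.1.10", 5060)
    return a, b, again, cgn.inbound(b[1])
```

Since both flows leave from the same public IPv4 address, tying traffic back to a subscriber needs the external port and the time of the binding, not the address alone.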