[Bp_ipv6] Request for clarification NAT v NAT

Alejandro Acosta alejandroacostaalamo at gmail.com
Mon Nov 30 13:46:39 EST 2015


Hello,
  I fully agree with Patrik (and of course with Marco who supports
Patrik's comment). I believe we should mention the impact of NAT64 in
DNSSEC.
  My only concern is that we will always be missing something..., I
mean, to satisfy everyone's point of view regarding NAT (concepts,
functioning, etc) will be almost impossible.

Regards,

Alejandro,

El 11/29/2015 a las 8:29 PM, Marco Hogewoning escribió:
> Sensible addition, If not to late, to add the DNSSEC impact.
>
> Thanks Patrik,
>
> MarcoH
>
>> On 30 Nov 2015, at 00:11, Patrik Fältström <paf at frobbit.se> wrote:
>>
>> On 27 Nov 2015, at 11:10, Marco Hogewoning wrote:
>>
>>> A different type of NAT, called NAT64, is used to translate between IPv4 and IPv6 networks, connecting the two incompatible protocols. This in particular allows users of IPv6 to connect to services that are still only available using the IPv4 protocol. While this translation again could introduce negative effects on traceability of overall network performance, it is widely regarded as an acceptable technology to aid in the deployment of IPv6. Especially in those cases where a single stack network setup, only using IPv6, is preferable over maintaining support for both IPv4 and IPv6 in an access network. Various 4G/LTE mobile access providers have chosen to deploy this technology as part of their IPv6 deployment.
>> Hmm...I would like to have slightly tuned text, as NAT64 is as mentioned earlier much more complicated than "normal" NAT. It requires not only address translation but also synthesize DNS responses, and by doing that inability to validate DNSSEC signed responses on devices south of the NAT64 box.
>>
>> I also think one should point out that some 4G/LTE providers have chosen to use dual stack. So it does not sound like if one MUST do single stack on mobile data networks.
>>
>> Because of that, I would like to see an addition, for example:
>>
>> A different type of NAT, called NAT64, is used to translate between IPv4 and IPv6 networks, connecting the two incompatible protocols. This in particular allows users of IPv6 to connect to services that are still only available using the IPv4 protocol. While this translation not only impacts address mapping but also DNS resolution, specifically the security technology DNSSEC but also introduce negative effects on traceability of overall network performance, it is widely regarded as an acceptable technology to aid in the deployment of IPv6. Especially in those cases where a single stack network setup, only using IPv6, is preferable over maintaining support for both IPv4 and IPv6 in an access network. Various 4G/LTE mobile access providers have chosen to deploy this technology as part of their IPv6 deployment, while other have dual stack (IPv4 and IPv6) deployed.
>>
>>   Patrik





More information about the Bp_ipv6 mailing list