Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6680
Views
5
Helpful
10
Replies

6to4 dynamic NAT and DNS6

Go to solution
joyride_us2
Level 1
Level 1

‎04-01-2011 02:46 AM - edited ‎03-01-2019 05:26 PM

Hi,

I am working on my first project to place IPv6 users on IPv4 Internet. I see 2 challenges :

- NAT 6to4 with IPv4 interface address (overload)

- DNS6 request (DNS ALG, it seems to be only in the book and nowhere else...)

How can I fix those 2 items ?

Thank you in advance !

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Phillip Remaker
Cisco Employee
Cisco Employee
In response to joyride_us2

‎05-04-2011 09:51 AM

There are a few options.

  1. You can dual stack the devices with RFC1918 (private IPv4 addressing), and then do ordinary IPv6 routing to IPv6 sites and regular old NAT 44 to IPv4 sites.  DNS would travel over IPv6 ot IPv4.
  2. If you insist the devices be IPv6 only, you can NAT64 to multiple IPv4 RFC1918 addresses (supported today) which will turn the DNS from IPv6 to IPv4 where needed and then NAT44 those addresses with another device to a single global IP address.

What is the scale of the intended operation?  Tens of hosts?  Hundreds of hosts?  Thousands?  More?

View solution in original post

10 Replies 10

Go to solution
SASipraPK
Level 1
Level 1

‎04-01-2011 05:01 AM

kindly see my post with name : Implementation of  NAT64 & DNS64

0 Helpful

Go to solution
joyride_us2
Level 1
Level 1
In response to SASipraPK

‎04-01-2011 05:11 AM

I had just read it!

Your setup is also more "complex" than what I am planning to have with BGP, a public ASN, a tunnel to a IPv6 broker, an external server for the NAT'ing...

I just need to NAT 4to6 with overload to a unique public IPv4 address, and a DNS-ALG type of solution so that DNS request from IPv6 customer are intercepted by the router, translated back and forth to an IPv4 DNS...

The docs on this site about ipv6 talks about all this but do not show the configuration, neither for the NAPT-PT nor for the DNS6to4. For the NAT'ing, I can always have my router make the conversion 6to4 wit dynamic IPv4 pool, then NAT'ed to a unique public address on my ASA. Not elegant but it will work. But for the DNS, I am stuck, for the time being! NAT-PT DNS-ALG is supposed to do that according to the IPv6 ciscopress book..but no sample config in sight!

What do you think ?

Thanks!

PS : I love your setup, we are not that ambitous for the time being!

0 Helpful

Go to solution
Phillip Remaker
Cisco Employee
Cisco Employee
In response to joyride_us2

‎05-03-2011 09:06 AM

OK, let me summarize the problem:

  • You have an IPv6 only network
  • You want to have the IPv6 users "translated" to IPv4.
  • You want to share a SINGLE IPv4 address.

What you are asking for is "Stateful NAT64" I believe, which maintains a table mapping the IPv6 addresses/ports to the single IPv4 address.

Is that correct?

What platform(s) are you using?

0 Helpful

Go to solution
joyride_us2
Level 1
Level 1
In response to Phillip Remaker

‎05-04-2011 12:23 AM

we will purchase whatever is necessary! In addition to what you mention, I need DNS64, so that Internet will work!

thank you

0 Helpful

Go to solution
Phillip Remaker
Cisco Employee
Cisco Employee
In response to joyride_us2

‎05-04-2011 09:51 AM

There are a few options.

  1. You can dual stack the devices with RFC1918 (private IPv4 addressing), and then do ordinary IPv6 routing to IPv6 sites and regular old NAT 44 to IPv4 sites.  DNS would travel over IPv6 ot IPv4.
  2. If you insist the devices be IPv6 only, you can NAT64 to multiple IPv4 RFC1918 addresses (supported today) which will turn the DNS from IPv6 to IPv4 where needed and then NAT44 those addresses with another device to a single global IP address.

What is the scale of the intended operation?  Tens of hosts?  Hundreds of hosts?  Thousands?  More?

Go to solution
joyride_us2
Level 1
Level 1
In response to Phillip Remaker

‎05-04-2011 10:12 AM

We are talking about 250 users. So NAT-PT works after all ?

0 Helpful

Go to solution
Phillip Remaker
Cisco Employee
Cisco Employee
In response to joyride_us2

‎05-04-2011 11:08 AM

Well, "works" is a relative term.  You can configure NAT-PT, but you could also pour motor oil over your breakfast cereal :-)

With the NAT64 + NAT44 combo work for you, or is that too much of a hack?

0 Helpful

Go to solution
joyride_us2
Level 1
Level 1
In response to Phillip Remaker

‎05-04-2011 11:19 AM

No, it is fine. nobody can demand a complete IPv6 implementation. Most of companies implementing IPv6 just want an article in the newspaper...

I will try it in my lab this week probably before talking to the big cheese.

0 Helpful

Go to solution
joyride_us2
Level 1
Level 1
In response to Phillip Remaker

‎05-04-2011 11:20 AM

By the way...since I am NAT'ing the whole traffic to IPv4, why would I need to get an ASN and registered block of IPv6 addresses ?

0 Helpful

Go to solution
Phillip Remaker
Cisco Employee
Cisco Employee
In response to joyride_us2

‎05-05-2011 09:14 AM

You want to register and own the addresses to make sure that you  never overlap with the outside world.  If you don't register, someone  may someday overlap your space.

If you will never, even  want IPv6 global connectivity, you can use Unique Local Addressing  (ULA), which may have risk over overlap if you ever merge with another  enterprise.

or look at RFC6052 which proposes strategy to develop internal unique private IPv6 addressing based on your IPv4 address.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card