Showing results for 
Search instead for 
Did you mean: 
Konstantin Dunaev

access from IPv4 Internet to IPv6 hosting farm


I was reading a lot about different IPv6 transition technologies, but it's most about tunneling or providing an access to IPv4 Internet from  IPv6 only host.

What I need is other way around.

There is a IPv6 only hosting services, with many services running only IPv6.  Some of these services should visible from IPv4 Internet, they could be a normal Web or Mail server, or some P2P protocols.

With a technologies like NAT64 we can easily provide access from those IPV6 server to Internet, but other direction is difficult.

The only way  I can see it's a static NAT64 mapping, but as you can imaging in hosting environment it's quite impossible. Assigning servers an additional (private) IPv4 and doing a normal NAT44 is not an option.

1:1 mapping is not very interesting also, we'd like to use a rather small IPv4 pool to share it between all IPv6 services.

Is there any existing solution?

Just an idea how it could look like. It's kind of reverse NAT64/DNS64:

- IPv4 clients sends an "A" DNS request for a certain service

- DNS server together with NAT device tries to create a NAT mapping between a IPv4 address from the pool and real IPv6 address for that service (NAT device should check if the IPv4:Port pair is available for mapping)

- DNS answer with that IPv4 address

- after some time the NAT mapping is deleted and IPv4:port is now available for other IPV6 service.

I don't know  if it makes any sense, but to me it looks quite interesting possible solution.

thank you for suggestions and ideas!

Andrew Yourtchenko
Cisco Employee

Konstantin, indeed this is an interesting solution and some folks are experimenting with it - see Ivan's blog entry at

One can achieve fully stateless approach using SIIT - which has the drawback that one must inject /128s into the IPv6 routing table - or using the statically defined translation based on stateful NAT64. I've used the latter variant on some lightly loaded servers, and it worked rather nicely (though only ASR1k at the moment).

ASA9.0 should also be able to do this using its NAT64 capabilities.

Is this something you are considering for your deployments ?


Content for Community-Ad
This widget could not be displayed.