I was reading a lot about different IPv6 transition technologies, but it's most about tunneling or providing an access to IPv4 Internet from IPv6 only host.
What I need is other way around.
There is a IPv6 only hosting services, with many services running only IPv6. Some of these services should visible from IPv4 Internet, they could be a normal Web or Mail server, or some P2P protocols.
With a technologies like NAT64 we can easily provide access from those IPV6 server to Internet, but other direction is difficult.
The only way I can see it's a static NAT64 mapping, but as you can imaging in hosting environment it's quite impossible. Assigning servers an additional (private) IPv4 and doing a normal NAT44 is not an option.
1:1 mapping is not very interesting also, we'd like to use a rather small IPv4 pool to share it between all IPv6 services.
Is there any existing solution?
Just an idea how it could look like. It's kind of reverse NAT64/DNS64:
- IPv4 clients sends an "A" DNS request for a certain service
- DNS server together with NAT device tries to create a NAT mapping between a IPv4 address from the pool and real IPv6 address for that service (NAT device should check if the IPv4:Port pair is available for mapping)
- DNS answer with that IPv4 address
- after some time the NAT mapping is deleted and IPv4:port is now available for other IPV6 service.
I don't know if it makes any sense, but to me it looks quite interesting possible solution.
One can achieve fully stateless approach using SIIT - which has the drawback that one must inject /128s into the IPv6 routing table - or using the statically defined translation based on stateful NAT64. I've used the latter variant on some lightly loaded servers, and it worked rather nicely (though only ASR1k at the moment).
ASA9.0 should also be able to do this using its NAT64 capabilities.
Is this something you are considering for your deployments ?
LISP Protocol (Location Identifier Separation Protocol)! - The LISP protocol has become a brilliant stardom with the digital transformation that we are now experiencing. - Today we will talk about the LISP protocol and its advantages and method of p...
SD-Access provides automated end-to-end services (such as segmentation, quality of service, and analytics) for user, device, and application traffic. SD-Access automates user policy so organizations can ensure the appropriate access control and applicati...
Purpose: This document shows you how to create a group-based security policy in Cisco DNA Center.
Security policies determine the types of network traffic permitted or denied between scalable groups. Scalable groups are a critical compo...
Are you an experienced network professional?
If yes, we'd like to understand how we can better organize network management activities in a way that makes sense to you. Your response will help Cisco improve a product feature that could benefit you.&nb...
Hello I am getting this following error and get ACTV, XPS and S-PWR LEDs amber then suddenly all LEDs are off: Booting...(use DDR clock 667 MHz)*** Coprocessor Unusable Exception ***PC = 0x00000000 00000000SP = 0x00000000 00000000Cause Reg...