In message <fe7943df-6a3a-478f-af40-de4d3592f...@puck.nether.net>, Jared Mauch writes: > > On Feb 4, 2011, at 4:32 PM, Mark Andrews wrote: > > >=20 > > In message <201102041140.42719.lo...@pari.edu>, Lamar Owen writes: > >> On Friday, February 04, 2011 09:05:09 am Derek J. Balling wrote: > >>> I think they'll eventually notice a difference. How will an = > IPv4-only inter > >> nal host know what to do with an IPv6 AAAA record it gets from a DNS = > lookup? > >>=20 > >> If the CPE is doing DNS proxy (most do) then it can map the AAAA = > record to an > >> A record it passes to the internal client, with an internal address = > for the=20 > >> record chosen from RFC1918 space, and perform IPv4-IPv6 1:1 NAT from = > the assi > >> gned RFC1918 address to the external IPv6 address from the AAAA = > record (since > >> you have at least a /64 at your CPE, you can even use the RFC1918 = > address in > >> the lower 32 bits.... :-P). =20 > >>=20 > >> This may already be a standard, or a draft, or implemented somewhere; = > I don't > >> know. But that is how I would do it, just thinking off the top of my = > head. > >>=20 > >=20 > > DS-lite delivers a IPv4 softwire over a IPv6 upstream. It also > > introduces less problems than NAT64 as it works with DNSSEC and > > with IPv4 literal. Along with DS-lite there is a UPNP replacement > > designed to work with distributed NATs (DS-Lite (AFTR+B4) and NAT444 > > (LSN + CPE NAT)) so that holes can be punched threw multiple devices > > if needed. > > I've yet to see a version of ALG that isn't buggy (eg: Cisco SIP-ALG, = > 2Wire/ATT uverse sip-alg is seriously broken, same for either dlink or = > netgear... we have to turn it off otherwise it does bad things).
And you reported the bugs. > I'm sure that LSN activity is going to work "great" for the carriers. Yes it is a worry which is why we want people to move to IPv6 and not use NAT. Less things to go wrong. A firewall only has to react to the traffic not re-write it. One lesa thing to go wrong. > - jared= -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
