?
Solved

ipv6 nat64 and dns64

Posted on 2014-01-14
5
Medium Priority
?
550 Views
Last Modified: 2014-01-30
Are the function nat64 and dns64 combined in one device?

Is the dns64 in my network or on the Internet?

I have an ipv6 network and I want to reach a website. How does it work? Assume that nat64 is performed by my firewall and I am not sure how to deal with dns64.

Thanks
0
Comment
Question by:leblanc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 22

Assisted Solution

by:Rick Hobbs
Rick Hobbs earned 1000 total points
ID: 39783396
NAT64 and DNS64 can be on the same device, but are not required to be on the same device.  They allow IPV6 devices to resolve and communicate with IPV4 devices.  Check out this link for configuration information of them on a Windows server using Forefront UAG Directaccess.

http://technet.microsoft.com/en-us/library/ee406236.aspx
0
 
LVL 64

Accepted Solution

by:
btan earned 1000 total points
ID: 39784150
Both nat64 and dns64 can be performed within a device. You can check out the applications delivery controller (ADC) like f5 networks LTM, Citrix Netscalar and A10 etc and of course gateway such as MS UAG too.
They are used to retain existing addressing as transition and the ADC help to be the middle man till both source and dest becomes ipv6. Not all servers are easily going into ipv6 due to legacy apps.

The flow tends to be as follows assuming this device is fronting your network which is ipv6 and accessing another in ipv4 networks.

E.g:-
Suppose IPv6 client is going to connect to www.testingipv6.net (fake for illustration) which resides in IPv4 network
-First, IPv6 client performs DNS resolution. IPv6 client sends DNS AAAA query to ADC.
-ADC transforms AAAA to A query by DNS64 iRule
-ADC forwards A query from previous step to DNS pool in IPv4 domain
-DNS server in IPv4 domain replies to ADC
-ADC performs appropriate transformation such as changing from A to AAAA query and changing IPv4 address to IPv6 address before forwarding DNS answer back to IPv6 client.
-ADC uses fix 96-bit prefix address concatenate with 32-bit IPv4 address to form new dynamic IPv6 address. This will be performing the dns64.
-Once IPv6 client gets the answer to AAAA query (as IPv6 destination address). It opens connection to the IPv6 destination address. Traffic to the IPv6 destination must be routed through ADC
-ADC receives IPv6 traffic from client, perform src and dst address translation, and forwards to IPv4 network. This will be perfroming the nat64
0
 
LVL 1

Author Comment

by:leblanc
ID: 39784402
Very good explanation.
Is ADC nat64 or dns64 or both?
"by DNS64 iRule". Is this a server that will be doing this? Is this on the Internet or local to the host?
"step to DNS pool in IPv4 domain". This is in the Internet. Correct?
0
 
LVL 22

Assisted Solution

by:Rick Hobbs
Rick Hobbs earned 1000 total points
ID: 39784411
1. Both.
2. It is an application running on either a server as in the MS UAG or an appliance  as in the F5, Netscaler, and A10 products.
3. Can be the Internet or another network.
0
 
LVL 64

Assisted Solution

by:btan
btan earned 1000 total points
ID: 39784447
Both. Yes it is in F5 device iRule script in their LTM. it can sits behind your firewall or even even at front of FW. The ipv4 can be internet as described. ADC is just the forward proxy gateway out to the ipv4 land
0

Featured Post

Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question