[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

ipv6 nat64 and dns64

Posted on 2014-01-14
5
Medium Priority
?
558 Views
Last Modified: 2014-01-30
Are the function nat64 and dns64 combined in one device?

Is the dns64 in my network or on the Internet?

I have an ipv6 network and I want to reach a website. How does it work? Assume that nat64 is performed by my firewall and I am not sure how to deal with dns64.

Thanks
0
Comment
Question by:leblanc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 22

Assisted Solution

by:Rick Hobbs
Rick Hobbs earned 1000 total points
ID: 39783396
NAT64 and DNS64 can be on the same device, but are not required to be on the same device.  They allow IPV6 devices to resolve and communicate with IPV4 devices.  Check out this link for configuration information of them on a Windows server using Forefront UAG Directaccess.

http://technet.microsoft.com/en-us/library/ee406236.aspx
0
 
LVL 65

Accepted Solution

by:
btan earned 1000 total points
ID: 39784150
Both nat64 and dns64 can be performed within a device. You can check out the applications delivery controller (ADC) like f5 networks LTM, Citrix Netscalar and A10 etc and of course gateway such as MS UAG too.
They are used to retain existing addressing as transition and the ADC help to be the middle man till both source and dest becomes ipv6. Not all servers are easily going into ipv6 due to legacy apps.

The flow tends to be as follows assuming this device is fronting your network which is ipv6 and accessing another in ipv4 networks.

E.g:-
Suppose IPv6 client is going to connect to www.testingipv6.net (fake for illustration) which resides in IPv4 network
-First, IPv6 client performs DNS resolution. IPv6 client sends DNS AAAA query to ADC.
-ADC transforms AAAA to A query by DNS64 iRule
-ADC forwards A query from previous step to DNS pool in IPv4 domain
-DNS server in IPv4 domain replies to ADC
-ADC performs appropriate transformation such as changing from A to AAAA query and changing IPv4 address to IPv6 address before forwarding DNS answer back to IPv6 client.
-ADC uses fix 96-bit prefix address concatenate with 32-bit IPv4 address to form new dynamic IPv6 address. This will be performing the dns64.
-Once IPv6 client gets the answer to AAAA query (as IPv6 destination address). It opens connection to the IPv6 destination address. Traffic to the IPv6 destination must be routed through ADC
-ADC receives IPv6 traffic from client, perform src and dst address translation, and forwards to IPv4 network. This will be perfroming the nat64
0
 
LVL 1

Author Comment

by:leblanc
ID: 39784402
Very good explanation.
Is ADC nat64 or dns64 or both?
"by DNS64 iRule". Is this a server that will be doing this? Is this on the Internet or local to the host?
"step to DNS pool in IPv4 domain". This is in the Internet. Correct?
0
 
LVL 22

Assisted Solution

by:Rick Hobbs
Rick Hobbs earned 1000 total points
ID: 39784411
1. Both.
2. It is an application running on either a server as in the MS UAG or an appliance  as in the F5, Netscaler, and A10 products.
3. Can be the Internet or another network.
0
 
LVL 65

Assisted Solution

by:btan
btan earned 1000 total points
ID: 39784447
Both. Yes it is in F5 device iRule script in their LTM. it can sits behind your firewall or even even at front of FW. The ipv4 can be internet as described. ADC is just the forward proxy gateway out to the ipv4 land
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question