Solved

ipv6 nat64 and dns64

Posted on 2014-01-14
5
502 Views
Last Modified: 2014-01-30
Are the function nat64 and dns64 combined in one device?

Is the dns64 in my network or on the Internet?

I have an ipv6 network and I want to reach a website. How does it work? Assume that nat64 is performed by my firewall and I am not sure how to deal with dns64.

Thanks
0
Comment
Question by:leblanc
  • 2
  • 2
5 Comments
 
LVL 22

Assisted Solution

by:rickhobbs
rickhobbs earned 250 total points
ID: 39783396
NAT64 and DNS64 can be on the same device, but are not required to be on the same device.  They allow IPV6 devices to resolve and communicate with IPV4 devices.  Check out this link for configuration information of them on a Windows server using Forefront UAG Directaccess.

http://technet.microsoft.com/en-us/library/ee406236.aspx
0
 
LVL 61

Accepted Solution

by:
btan earned 250 total points
ID: 39784150
Both nat64 and dns64 can be performed within a device. You can check out the applications delivery controller (ADC) like f5 networks LTM, Citrix Netscalar and A10 etc and of course gateway such as MS UAG too.
They are used to retain existing addressing as transition and the ADC help to be the middle man till both source and dest becomes ipv6. Not all servers are easily going into ipv6 due to legacy apps.

The flow tends to be as follows assuming this device is fronting your network which is ipv6 and accessing another in ipv4 networks.

E.g:-
Suppose IPv6 client is going to connect to www.testingipv6.net (fake for illustration) which resides in IPv4 network
-First, IPv6 client performs DNS resolution. IPv6 client sends DNS AAAA query to ADC.
-ADC transforms AAAA to A query by DNS64 iRule
-ADC forwards A query from previous step to DNS pool in IPv4 domain
-DNS server in IPv4 domain replies to ADC
-ADC performs appropriate transformation such as changing from A to AAAA query and changing IPv4 address to IPv6 address before forwarding DNS answer back to IPv6 client.
-ADC uses fix 96-bit prefix address concatenate with 32-bit IPv4 address to form new dynamic IPv6 address. This will be performing the dns64.
-Once IPv6 client gets the answer to AAAA query (as IPv6 destination address). It opens connection to the IPv6 destination address. Traffic to the IPv6 destination must be routed through ADC
-ADC receives IPv6 traffic from client, perform src and dst address translation, and forwards to IPv4 network. This will be perfroming the nat64
0
 
LVL 1

Author Comment

by:leblanc
ID: 39784402
Very good explanation.
Is ADC nat64 or dns64 or both?
"by DNS64 iRule". Is this a server that will be doing this? Is this on the Internet or local to the host?
"step to DNS pool in IPv4 domain". This is in the Internet. Correct?
0
 
LVL 22

Assisted Solution

by:rickhobbs
rickhobbs earned 250 total points
ID: 39784411
1. Both.
2. It is an application running on either a server as in the MS UAG or an appliance  as in the F5, Netscaler, and A10 products.
3. Can be the Internet or another network.
0
 
LVL 61

Assisted Solution

by:btan
btan earned 250 total points
ID: 39784447
Both. Yes it is in F5 device iRule script in their LTM. it can sits behind your firewall or even even at front of FW. The ipv4 can be internet as described. ADC is just the forward proxy gateway out to the ipv4 land
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now