NAT is dead, long live NAT64! Well, just not for too long, OK?

It seems that deploying some kind of IPv6 transition mechanism is inevitable. The IPv4 address space shortage will force many to use the networking evil, NAT. Stateful NAT64, accompanied by DNS64, looks very promising for well-behaved TCP/UDP services. The beauty of the beast is that this type of transition technology is designed to fade away as native IPv6 becomes fully deployed. Finally, it can simply be shut down and decommissioned when most of the old IPv4-only servers are gone.

We are running a small experiment at ARNES (The Academic and Research Network of Slovenia). In a joint effort with a few Slovenian schools, stateful NAT64 with DNS64 is used to provide connectivity from a slowly growing number of IPv6-only local networks. So far, so good :-), I must say.

NAT64 was implemented on a Cisco ASR 1k. The configuration is rather simple:

! this ACL defines which v6-packets will be translated
ipv6 access-list Nat64
 permit ipv6 <ipv6-only-lan1> any
 permit ipv6 <ipv6-only-lan2> any
nat64 prefix stateful <nat64-prefix>/64
nat64 v4 pool Nat64Pool <from-ipv4> <to-ipv4>
nat64 v6v4 list Nat64 pool Nat64Pool overload
nat64 settings fragmentation header disable
! enable translation at each L3 interface
interface <blah>
 nat64 enable

For DNS64, a BIND 9.8 server was installed.
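
How a DNS64 answer and the /64 `nat64 prefix` fit together can be shown with a short sketch. This is an added example, not part of the original post or of the ARNES setup. It assumes the RFC 6052 address layout for a /64 prefix and uses RFC 6052's documentation prefix and address as constructed stand-ins for `<nat64-prefix>`; the function names are hypothetical.

```python
import ipaddress

# Constructed sample value: RFC 6052's documentation prefix, standing in
# for the <nat64-prefix> placeholder in the configuration above.
NAT64_PREFIX = ipaddress.IPv6Network("2001:db8:122:344::/64")


def synthesize(prefix, ipv4):
    """Build the AAAA address a DNS64 server would synthesize from an A record."""
    if prefix.prefixlen != 64:
        raise ValueError("this sketch only handles the /64 layout")
    v4 = int(ipaddress.IPv4Address(ipv4))
    # /64 layout: 64 prefix bits | 8 zero bits ("u" octet) | 32 IPv4 bits | 24 suffix bits
    return ipaddress.IPv6Address(int(prefix.network_address) | (v4 << 24))


def extract(prefix, ipv6):
    """Recover the embedded IPv4 destination, or raise ValueError."""
    if prefix.prefixlen != 64:
        raise ValueError("this sketch only handles the /64 layout")
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        raise ValueError("destination is outside the NAT64 prefix")
    low = int(addr) & ((1 << 64) - 1)
    # RFC 6052 requires bits 64-71 to be zero; this sketch rejects anything else.
    if low >> 56:
        raise ValueError("bits 64-71 are not zero")
    # The 24 suffix bits are ignored when reading the address back.
    return ipaddress.IPv4Address((low >> 24) & 0xFFFFFFFF)


if __name__ == "__main__":
    aaaa = synthesize(NAT64_PREFIX, "192.0.2.33")
    print(aaaa, "->", extract(NAT64_PREFIX, aaaa))
```

With a /64 prefix the IPv4 address does not start directly after the prefix: one zero octet sits in between, which is easy to miss when reading synthesized addresses in logs or writing filters for them.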