[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: on NAT-PT
>>>> unfortunately there's no documentation.
>>>> this is universally bad because
>>>> (1) it requires every node to configure the translation prefix
>>>> manually
>>>> (kills spirit of autoconfigured hosts), or to cook up DHCPv6 option
>>>> for
>>>> it (horrid idea),
>>> It could be a well know prefix. You won't have to configure a special
>>> prefix for that.
>> that's much more sick.
>Could you please elaborate why?
the failure mode with your proposal is a disaster. what happens if
your site do not provide IPv6-to-IPv4 translation with the hardcoded
prefix? your IPv6-only machine will try to connect to non-existent
prefix, and the packet will travel to somewhere unknown.
and with your plan, it seems that you are planning to reuse the same
prefix in multiple locations (at least in different sites, and could be
multiple locations within a site). it will lead to unstable
translation service as routing to the hardcoded prefix can flap and
the packet to hardcoded prefix can reach a different translation box,
the other translation box does not have the state info for the
traffic, and the connection will be killed.
existing NAT-PT product (like from Yokogawa) is much more robust than
what you are proposing.
DNS-ALG box and NAT-PT translation box are separate. each of the
NAT-PT translation box T1, T2, ... Tn are configured with certain
(seaprate) IPv6 prefixes for each, P1, P2, .. Pn. DNS-ALG box
monitors which NAT-PT translation boxes are alive. DNS-ALG will return
fabricated AAAA response (for actual A response from the outside DNS
authoritative server) using prefix Pi, when Ti is alive (it does not
return AAAA with Pj if Tj is dead).
itojun