Community discussions

MikroTik App
 
daffster
just joined
Topic Author
Posts: 14
Joined: Sun Jul 27, 2008 9:18 pm
Contact:

NAT64 and DNS64

Thu Jun 17, 2010 1:44 pm

Hi,

Is the inclusion of NAT64 and DNS64 support in the Roadmap for RouterOS v5?
I think this would be a great help for ISPs wishing to do a rapid deployment of pure IPv6 without breaking access to IPv4 resources.
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: NAT64 and DNS64

Thu Jun 17, 2010 3:01 pm

dns in RouterOS supports IPv6 address resolving, if you set IPv6 addresses
IPv6 does not have NAT as it is in IPv4
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: NAT64 and DNS64

Thu Jun 17, 2010 3:15 pm

NAT64? you mean, kind of 4-to-6 tunnel, so that IPv4 users can access IPv6 resources?..

if yes - then joining the question, although I'm not familiar with ipv6 yet... =)
 
ArcticKnyght
just joined
Posts: 8
Joined: Wed Aug 27, 2008 5:25 pm

Re: NAT64 and DNS64

Thu Jun 17, 2010 6:21 pm

NAT64 is for scenarioes where you do not allocate a v4 address to the customer, and instead use a gateway to fetch v4 resources on the internet that is then translated back into v6.

Opensource implementation

Cisco's description
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: NAT64 and DNS64

Thu Jun 17, 2010 6:50 pm

 
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: NAT64 and DNS64

Thu Jun 17, 2010 7:00 pm

The two are different. 6to4 tunnels the original packet, NAT64 is AFT (address family translation).
 
daffster
just joined
Topic Author
Posts: 14
Joined: Sun Jul 27, 2008 9:18 pm
Contact:

Re: NAT64 and DNS64

Fri Jun 18, 2010 11:26 am

NAT64 is a method of giving IPv6 only clients access to IPv4 resources.
http://tools.ietf.org/html/draft-bagnul ... e-nat64-00

There are a few opensource implementations of this, and I've tested http://ecdysis.viagenie.ca/ on a linux gateway, and it works fine.

Its only really useful with DNS64, which is an A record to AAAA "translator" for DNS queries from IPv6 clients.
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: NAT64 and DNS64

Fri Jun 18, 2010 12:36 pm

well, there should be no problem with RouterOS resolving AAAA records.
 
daffster
just joined
Topic Author
Posts: 14
Joined: Sun Jul 27, 2008 9:18 pm
Contact:

Re: NAT64 and DNS64

Fri Jun 18, 2010 5:08 pm

Yes, I know that RouterOS works with IPv6 accessing IPv6 resources, and IPv4 accessing IPv4 resources, and dual-stack.

But DNS64 is a helper for NAT64.

NAT64 essentially takes IPv6 requests for IPv4 resources, and maps the IPv4 resources into IPv6 space. Then DNS64 assists in this process by taking A records, and coverting them to AAAA responses in the "mapped" IPv6 space.

This allows Pure IPv6 clients access to IPv4 resources.
 
Ivoshiee
Member
Member
Posts: 483
Joined: Sat May 06, 2006 4:11 pm

Re: NAT64 and DNS64

Wed Jun 23, 2010 2:30 am

well, there should be no problem with RouterOS resolving AAAA records.
Sorry to inform, but apparently there are issues with RouterOS resolving AAAA records:
http://forum.mikrotik.com/viewtopic.php ... 12#p211212
 
bintang
newbie
Posts: 32
Joined: Tue Jan 15, 2008 2:12 pm

Re: NAT64 and DNS64

Sat Aug 21, 2010 12:39 am

we are need it NAT64 ,
http://blog.go6.net/?p=210
 
bintang
newbie
Posts: 32
Joined: Tue Jan 15, 2008 2:12 pm

Re: NAT64 and DNS64

Sat Aug 21, 2010 4:31 am

waiting for NAT64 on Mikrotik
 
charliebrown
Member Candidate
Member Candidate
Posts: 130
Joined: Wed Dec 17, 2008 3:27 am

Re: NAT64 and DNS64

Sat Aug 21, 2010 5:34 am

NAT64 and DNS64 is something thats going to be needed on a large scale when the last v4 ranges are handed out, Currently the only applications floating around are not production ready.

We do really need a way of running pure v6 inside our entire network and only touching v4 on the edge for net connection, RIR's are tightening up their policies on handing out v4 whilst handing out v6 space like its candy. Today if we had to deploy a pure v6 network we couldnt, Basic things like v6 PPPoE are only just coming into a BETA release that wont be stable for a while, We would have to use v4 space and 6to4 tunnels to provide v6 connections which ties up v4 space

NAT64 is in use via Cisco with T-Mobiles mobile v6 trials and is fast becoming the primary transition method, MT's going to have to polish it's v6 stack quite a bit and perhaps even backport some of the critical v6 features like v6 PPPoE and Dhcp6 back to 4.x
 
bintang
newbie
Posts: 32
Joined: Tue Jan 15, 2008 2:12 pm

Re: NAT64 and DNS64

Sun Aug 22, 2010 7:36 pm

mikrotik team , when your ROS support NAT64 ???
 
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: NAT64 and DNS64

Sun Aug 22, 2010 8:31 pm

Were you seriously expecting a road map in two days over a weekend? Shouting the same thing over and over isn't going to achieve anything.
 
bintang
newbie
Posts: 32
Joined: Tue Jan 15, 2008 2:12 pm

Re: NAT64 and DNS64

Sun Aug 22, 2010 8:37 pm

hha haa haa :lol:

i know that ...
 
hedele
Member
Member
Posts: 338
Joined: Tue Feb 24, 2009 11:23 pm

Re: NAT64 and DNS64

Mon Aug 23, 2010 8:54 am

Well, since I do think that eventually we will completely run out of IPv4 Resources and will have to go IPv6 only,
any means to let IPv6-only users access the rest of the internet would be very much appreciated :)

so yes, please implement NAT64 and DNS64 :)
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2182
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: NAT64 and DNS64

Mon Aug 23, 2010 12:47 pm

+1 for NAT64 support!
 
bintang
newbie
Posts: 32
Joined: Tue Jan 15, 2008 2:12 pm

Re: NAT64 and DNS64

Wed Aug 25, 2010 5:39 pm

go go go ... NAT64
 
Ozelo
Member
Member
Posts: 338
Joined: Fri Jun 02, 2006 3:56 am

Re: NAT64 and DNS64

Thu Aug 26, 2010 3:57 pm

NAT64 YES!!! A full native IPv6 network accessing IPv4 resources via NAT64 on Mikrotik ROS is all we need nowdays!!!
 
hci
Long time Member
Long time Member
Posts: 679
Joined: Fri May 28, 2004 5:10 pm

Re: NAT64 and DNS64

Thu Aug 26, 2010 5:16 pm

NAT64 YES!!! A full native IPv6 network accessing IPv4 resources via NAT64 on Mikrotik ROS is all we need nowdays!!!
+1

We must move forward with IPv6!!!

As of this date only 5 percent of IPv4 remains which equals 278 days tell exhaustion:

http://www.potaroo.net/tools/ipv4/
 
User avatar
Eising
Member Candidate
Member Candidate
Posts: 272
Joined: Mon Oct 27, 2008 10:21 am
Location: Copenhagen, Denmark

Re: NAT64 and DNS64

Sat Aug 28, 2010 6:54 pm

+1 from me too.
 
User avatar
bevhost
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Sep 13, 2010 6:33 am
Location: Brisbane, Queensland, Australia
Contact:

Re: NAT64 and DNS64

Mon Sep 13, 2010 12:21 pm

I don't vote for NAT64 for one simple reason.
We don't actually need it, at least not yet, I think there are higher priorities.
I would like to see Mikrotik complete the IPv6 stack for things such as Hotspot_v6, DHCPv6, Winbox, ssh etc.

NAT64 / DNS 64 allows clients to be setup in a single stack IPv6 only implementation.
I don't see any real reason why you would want to be so fast to switch form IPv4 to IPv6 overnight without running dual stack as an intermediate step.

I am in favour of IPv6 + NAT44 or IPv6 + NAT444 depending on then network size.

Clients can be allocated a Private IPv4 address (such as is done on corporate networks) + a public IPv6 address.
Servers would need to be allocated Public IPv4 + IPv6 native or IPv4 + 6to4 IPv6 addresses.
Since there is a lot more clients than servers the client problem needs to be addressed first.

NAT64 / DNS64 is a way to get rid of the IPv4 stack on the client side; and it's not the only way of acheiving this.
DS Lite AP and NAT IVI are alternate methods and of the three I actual prefer the IVI method used for the last few years by CERTNET in China.

Also, I would like to see a stable implementation of NAT64 on Linux Netfilter that Mikrotik can base their work on.
Does anyone know if this is available or has tested this?
 
vihai
just joined
Posts: 21
Joined: Fri Sep 24, 2010 5:03 am

Re: NAT64 and DNS64

Wed Sep 29, 2010 6:23 pm

I don't vote for NAT64 for one simple reason.
We don't actually need it, at least not yet, I think there are higher priorities.
I agree with you, NAT64/DSN64 will not be indispensable until the address space is exhausted, in the meantime it it more important to have full support for dual-stack features (DHCPv6, prefix delegation, prefix labels, services over IPv6, etc..).

However it has to be ready (and tested) by the time the address space is exhausted otherwise we are in deep s.... :)
 
charliebrown
Member Candidate
Member Candidate
Posts: 130
Joined: Wed Dec 17, 2008 3:27 am

Re: NAT64 and DNS64

Wed Sep 29, 2010 11:45 pm

This is MT, If they start it in the next 3-4 months it'll only be stable by v4 exhaustion :lol:
 
User avatar
bevhost
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Sep 13, 2010 6:33 am
Location: Brisbane, Queensland, Australia
Contact:

Re: NAT64 and DNS64

Thu Sep 30, 2010 12:01 am

Is there a working implementation of this on Linux or *BSD that we can play with?
Is there an RFC?
Or is this just a Cisco Proprietory thing?
 
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: NAT64 and DNS64

Thu Sep 30, 2010 12:08 am

 
charliebrown
Member Candidate
Member Candidate
Posts: 130
Joined: Wed Dec 17, 2008 3:27 am

Re: NAT64 and DNS64

Thu Sep 30, 2010 1:04 am

Is there a working implementation of this on Linux or *BSD that we can play with?
Is there an RFC?
Or is this just a Cisco Proprietory thing?

Its an spec, Cisco in CGv6, MS is UAG Direct Access and linux is Ecdysis.

Linux is a PoC code, Only one DNS request at a time etc
 
User avatar
bevhost
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Sep 13, 2010 6:33 am
Location: Brisbane, Queensland, Australia
Contact:

Re: NAT64 and DNS64

Thu Sep 30, 2010 3:05 am

However it has to be ready (and tested) by the time the address space is exhausted otherwise we are in deep s.... :)
Why can't you run Dual Stack?
 
charliebrown
Member Candidate
Member Candidate
Posts: 130
Joined: Wed Dec 17, 2008 3:27 am

Re: NAT64 and DNS64

Thu Sep 30, 2010 3:36 am

Dual stacking only works when you have v4 space to dual stack with, If you dual stack with private v4 space you run into double nat issues, NAT64 is a way around this for some but not all applications
 
User avatar
bevhost
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Sep 13, 2010 6:33 am
Location: Brisbane, Queensland, Australia
Contact:

Re: NAT64 and DNS64

Thu Sep 30, 2010 4:08 am

Dual stacking only works when you have v4 space to dual stack with, If you dual stack with private v4 space you run into double nat issues, NAT64 is a way around this for some but not all applications
What problems does it solve? I don't see how it's any better, and considering it's not well tested I expect it would in fact be worse!
 
charliebrown
Member Candidate
Member Candidate
Posts: 130
Joined: Wed Dec 17, 2008 3:27 am

Re: NAT64 and DNS64

Thu Sep 30, 2010 5:24 am

Double-Natting in a dual stack private v4 setup. I'd hate to be an ISP running that and handling client requests for port forwards!
 
User avatar
bevhost
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Sep 13, 2010 6:33 am
Location: Brisbane, Queensland, Australia
Contact:

Re: NAT64 and DNS64

Thu Sep 30, 2010 6:44 am

I don't see how it solves that problem. It's not like there is a NAT46 and DNS46 as well.


We are already an ISP doing Double NAT and we want to get an IPv6 Stack to allow customers to support incoming connections more easily. I don't see how NAT64 can help us. Currently customers have to use UPNP to get an incoming connection. Some applications support UDP hole punching (eg skype) and that seems to work just as well through double NAT as through single NAT.

Whether hole punching works or not has more to do with how many users there are than how many layers of NAT.
 
User avatar
bevhost
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Sep 13, 2010 6:33 am
Location: Brisbane, Queensland, Australia
Contact:

Re: NAT64 and DNS64

Thu Sep 30, 2010 6:55 am

I see DNS64/NAT64 as a way of getting rid of Dual Stack.
It means that a client can have a single IPv6 Stack and connect to IPv6 directly and IPv4 through NAT.
Incoming connections must be made to IPv6 address. Outbound connections (to IPv4 anyway) must use the provided DNS.

If you have dual stack Public IPv6 and Private IPv4 you end up acheiving exactly the same result.
Difference is
1. That the NAT44 or NAT444 is tried and tested
2. That there are two stacks to contend with.

As I see it, the only real benefit is NAT64/DNS64 is the saving of having a single IP stack.
 
vihai
just joined
Posts: 21
Joined: Fri Sep 24, 2010 5:03 am

Re: NAT64 and DNS64

Thu Sep 30, 2010 12:11 pm

Why can't you run Dual Stack?
When the address space is exhausted what IPv4 address would you use? There will not be any even if you want to NAT everything on a single one.

And no, double NAT is neither acceptable nor legal here in Italy for ISPs.

Bye,
 
User avatar
bevhost
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Sep 13, 2010 6:33 am
Location: Brisbane, Queensland, Australia
Contact:

Re: NAT64 and DNS64

Thu Sep 30, 2010 1:37 pm

double NAT is neither acceptable nor legal here in Italy for ISPs.
You can legislate all you like, but once there is no more IPv4 space to go around thats the end of the game.

I still don't see how NAT64 solves this problem especially if the ISP is not allowed to use NAT.
 
User avatar
bevhost
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Sep 13, 2010 6:33 am
Location: Brisbane, Queensland, Australia
Contact:

Re: NAT64 and DNS64

Thu Sep 30, 2010 2:32 pm

I think I like this one better.
http://tools.ietf.org/html/draft-xli-behave-ivi-07
Translates both ways not just IPv6 to IPv4.
Stateless, so no NAT timeouts.
Has been in production for some time at CERTNET in China.
Download Linux implementation http://linux.ivi2.org/impl/
 
charliebrown
Member Candidate
Member Candidate
Posts: 130
Joined: Wed Dec 17, 2008 3:27 am

Re: NAT64 and DNS64

Fri Oct 01, 2010 2:04 am

double NAT is neither acceptable nor legal here in Italy for ISPs.
You can legislate all you like, but once there is no more IPv4 space to go around thats the end of the game.

I still don't see how NAT64 solves this problem especially if the ISP is not allowed to use NAT.
Because there is no port NAT only address NAT, Its not like what your used to, v6 address port 1000 maps to v4 address port 1000 but then the next connection on port 2000 can map to another v4 address, Its not port natting where you have a couple of hundred users behind a single v4 address and once someone takes port 1000 nobody else can use it, with NAT64 if another user wants to use port 1000 it will map to another v4 address
 
User avatar
bevhost
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Sep 13, 2010 6:33 am
Location: Brisbane, Queensland, Australia
Contact:

Re: NAT64 and DNS64

Fri Oct 01, 2010 11:18 am

double NAT is neither acceptable nor legal here in Italy for ISPs.
You can legislate all you like, but once there is no more IPv4 space to go around thats the end of the game.

I still don't see how NAT64 solves this problem especially if the ISP is not allowed to use NAT.
Because there is no port NAT only address NAT, Its not like what your used to, v6 address port 1000 maps to v4 address port 1000 but then the next connection on port 2000 can map to another v4 address, Its not port natting where you have a couple of hundred users behind a single v4 address and once someone takes port 1000 nobody else can use it, with NAT64 if another user wants to use port 1000 it will map to another v4 address
What a load on nonsense. If NAT64 worked like that it would be a huge waste of IPv4 address space
and besides,
if you wanted NAT44 to work like that then it's pretty easy to do in iptables or ROS.
The IPv4 address pool is a set of IPv4 addresses, normally a prefix
assigned by the local administrator. Since IPv4 address space is a
scarce resource, the IPv4 address pool is small and typically not
sufficient to establish permanent one-to-one mappings with IPv6
addresses. So, except for the static/manually created ones, mappings
using the IPv4 address pool will be created and released dynamically.
Moreover, because of the IPv4 address scarcity, the usual practice
for NAT64 is likely to be the binding of IPv6 transport addresses
into IPv4 transport addresses, instead of IPv6 addresses into IPv4
addresses directly, enabling a higher utilization of the limited IPv4
address pool. This implies that NAT64 performs both address and port
translation.
 
charliebrown
Member Candidate
Member Candidate
Posts: 130
Joined: Wed Dec 17, 2008 3:27 am

Re: NAT64 and DNS64

Fri Oct 01, 2010 11:45 am

What a load on nonsense. If NAT64 worked like that it would be a huge waste of IPv4 address space
and besides,
if you wanted NAT44 to work like that then it's pretty easy to do in iptables or ROS.
The IPv4 address pool is a set of IPv4 addresses, normally a prefix
assigned by the local administrator. Since IPv4 address space is a
scarce resource, the IPv4 address pool is small and typically not
sufficient to establish permanent one-to-one mappings with IPv6
addresses. So, except for the static/manually created ones, mappings
using the IPv4 address pool will be created and released dynamically.
Moreover, because of the IPv4 address scarcity, the usual practice
for NAT64 is likely to be the binding of IPv6 transport addresses
into IPv4 transport addresses, instead of IPv6 addresses into IPv4
addresses directly, enabling a higher utilization of the limited IPv4
address pool. This implies that NAT64 performs both address and port
translation.
I suggest you gain access to NAT64 devices a v6 client accessing v4 space will use the same port on v4 that the v6 address is attempting to use thus its normal mode is only to address translate and will port translate only when the v4 pool assigned to the NAT64 box is exhausted for the v6 side port
 
User avatar
bevhost
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Sep 13, 2010 6:33 am
Location: Brisbane, Queensland, Australia
Contact:

Re: NAT64 and DNS64

Fri Oct 01, 2010 12:06 pm

I suggest you gain access to NAT64 devices a v6 client accessing v4 space will use the same port on v4 that the v6 address is attempting to use thus its normal mode is only to address translate and will port translate only when the v4 pool assigned to the NAT64 box is exhausted for the v6 side port
NAT44 will also keep the port the same if it can. However it will always change the port in preference to changing the address. The reason for this is to do with the RELATED state. Firewall hole punching requires the IP Addresses to match to work, If you start changing the address while keeping the port the same, then hole punching will cease to work and it will break heaps of applications.

See http://en.wikipedia.org/wiki/Hole_punching for more information.
 
charliebrown
Member Candidate
Member Candidate
Posts: 130
Joined: Wed Dec 17, 2008 3:27 am

Re: NAT64 and DNS64

Fri Oct 01, 2010 12:20 pm

You dont need hole punching unless the application your attempting to use sends the IP contact info within the packet i.e SIP/RTP/FTP etc

NAT44 is not a solution that helps us, NAT64 does it and much more like allowing pure v6 CPE users to access the v4 world, But perhaps this is a tech that should be kept in the big boys league of Cisco/Juniper as those that will actually run into the NAT44 issues will have the money to buy them
 
User avatar
bevhost
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Sep 13, 2010 6:33 am
Location: Brisbane, Queensland, Australia
Contact:

Re: NAT64 and DNS64

Fri Oct 01, 2010 12:28 pm

You dont need hole punching unless the application your attempting to use sends the IP contact info within the packet i.e SIP/RTP/FTP etc
I think you're confusing Hole Punching with ALG (Application Layer Gateway) kernel modules.
 
User avatar
bevhost
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Sep 13, 2010 6:33 am
Location: Brisbane, Queensland, Australia
Contact:

Re: NAT64 and DNS64

Fri Oct 01, 2010 12:30 pm

allowing pure v6 CPE users to access the v4 world, But perhaps this is a tech that should be kept in the big boys league of Cisco/Juniper as those that will actually run into the NAT44 issues will have the money to buy them
Finally we actually agree on something. Although I was not aware that Juniper had a NAT64 offering!
Last edited by bevhost on Fri Oct 01, 2010 12:34 pm, edited 1 time in total.
 
charliebrown
Member Candidate
Member Candidate
Posts: 130
Joined: Wed Dec 17, 2008 3:27 am

Re: NAT64 and DNS64

Fri Oct 01, 2010 12:33 pm

You dont need hole punching unless the application your attempting to use sends the IP contact info within the packet i.e SIP/RTP/FTP etc
I think you're confusing Hole Punching with ALG (Application Layer Gateway) kernel modules.
Maybe I am :) Its late where I am
 
User avatar
bevhost
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Sep 13, 2010 6:33 am
Location: Brisbane, Queensland, Australia
Contact:

Re: NAT64 and DNS64

Fri Oct 01, 2010 12:47 pm

Can anyone who has a NAT64/DNS64 setup try a couple of tests for me.

http://66.102.11.104/

And how well does skype work?
 
User avatar
bevhost
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Sep 13, 2010 6:33 am
Location: Brisbane, Queensland, Australia
Contact:

Re: NAT64 and DNS64

Fri Oct 01, 2010 12:50 pm

And how well does skype work?
Or MSN ?
 
User avatar
bevhost
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Sep 13, 2010 6:33 am
Location: Brisbane, Queensland, Australia
Contact:

Re: NAT64 and DNS64

Mon Oct 04, 2010 5:07 am

Has anyone had a look at this?

http://www.isc.org/software/aftr

AFTR (Address Family Transition Router) is the latest product in ISC's family of open source Internet infrastructure products. Developed in concert with Comcast, AFTR 1.0 is intended to ease the transition from IPv4 to IPv6 by allowing legacy IPv4 end sites such as home PCs to interact with IPv4 content providers and services over an IPv6 carrier infrastructure. As with ISC's other products, as the Dual Stack Lite protocol evolves, AFTR will strive to remain an up to date reference implementation as well as a robust enterprise grade router technology.
 
daffster
just joined
Topic Author
Posts: 14
Joined: Sun Jul 27, 2008 9:18 pm
Contact:

Re: NAT64 and DNS64

Mon Oct 18, 2010 6:52 pm

I've added NAT64 and DNS64 to the unofficial Feature Request page.

http://wiki.mikrotik.com/wiki/RouterBOA ... re_Request

Feel free to add your votes and move it up the list
 
Ozelo
Member
Member
Posts: 338
Joined: Fri Jun 02, 2006 3:56 am

Re: NAT64 and DNS64

Mon Oct 18, 2010 9:43 pm

I've added NAT64 and DNS64 to the unofficial Feature Request page.

http://wiki.mikrotik.com/wiki/RouterBOA ... re_Request

Feel free to add your votes and move it up the list
Isn't that list just for "hardware"? Thought NAT64 was a "software" implementation... Although Ive seen other soft ones in there. *bump*
 
dssmiktik
Forum Veteran
Forum Veteran
Posts: 732
Joined: Fri Aug 17, 2007 8:42 am

Re: NAT64 and DNS64

Tue Oct 19, 2010 12:27 am

For software requests, here is the current wiki page:
http://wiki.mikrotik.com/wiki/MikroTik_ ... e_Requests
 
daffster
just joined
Topic Author
Posts: 14
Joined: Sun Jul 27, 2008 9:18 pm
Contact:

Re: NAT64 and DNS64

Tue Oct 19, 2010 1:00 pm

Good Point.

I see its on that page too. I've added my name to the list.
 
User avatar
Paxy
just joined
Posts: 21
Joined: Mon May 26, 2008 8:28 pm

Re: NAT64 and DNS64

Thu Oct 28, 2010 12:05 pm

I am fully supporting idea of NAT64.
Until dual stack is active, administrator will keep forcing IPv4 due its simplicity and short form of ip address that is easy to remember.
Only way to accelerate improvement process by transferring completely to IPv6 is to transfer small networks and become prepared for WAN IPv6 transfer.

We would not be ready do deploy IPv6 until we give up IPv4. This is legacy rule !
 
User avatar
bevhost
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Sep 13, 2010 6:33 am
Location: Brisbane, Queensland, Australia
Contact:

Re: NAT64 and DNS64

Thu Oct 28, 2010 10:46 pm

HI, Just returned from the IPv6 Forum Conference in Melbourne, Australia and the current advice is.

Dual Stack where you can.
Tunnel where you can't
Use NAT if you have a gun to your head.
 
Beccara
Long time Member
Long time Member
Posts: 606
Joined: Fri Apr 08, 2005 3:13 am

Re: NAT64 and DNS64

Thu Oct 28, 2010 11:23 pm

What conference was that? Most SIG's are saying Translation like NAT64 is the best path since Dual-Stack only works when you have v4 space left to hand out, then its onto Dual-Stack with NAT444 on the v4 side which as you've pointed out - Would need a gun to your head
 
User avatar
bevhost
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Sep 13, 2010 6:33 am
Location: Brisbane, Queensland, Australia
Contact:

Re: NAT64 and DNS64

Fri Oct 29, 2010 3:27 am

I would think that NAT444 + Dual Stack would work much better than NAT64/DNS64.
If you would need a gun to your head to do NAT444 then you'll need an even bigger gun to do NAT64.

If you think NAT64 will solve any of your problems think again.
Heaps of stuff doesn't work with NAT64.
About the only thing broken with NAT444 is UPnP, and that can be resolved with Manual Port Forwarding.
 
Beccara
Long time Member
Long time Member
Posts: 606
Joined: Fri Apr 08, 2005 3:13 am

Re: NAT64 and DNS64

Fri Oct 29, 2010 3:37 am

Do you really think manual port forwarding at the ISP level is ever going to work?? I doubt we'll see NAT64 in ROS but the big players are deploying it, It will likely end up another transition step after large scale ISP's find that NAT444 is just not worth the hassle.

Have you actually used NAT64 before? Its quite nice, There is a liveCD floating around, Very fun turning off v4 on your computer and having everything keep working :)
 
User avatar
bevhost
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Sep 13, 2010 6:33 am
Location: Brisbane, Queensland, Australia
Contact:

Re: NAT64 and DNS64

Fri Oct 29, 2010 4:08 am

Do you really think manual port forwarding at the ISP level is ever going to work?? I doubt we'll see NAT64 in ROS but the big players are deploying it, It will likely end up another transition step after large scale ISP's find that NAT444 is just not worth the hassle.

Have you actually used NAT64 before? Its quite nice, There is a liveCD floating around, Very fun turning off v4 on your computer and having everything keep working :)
Did you try it with Windows XP? Mac OS X?

When you say everything keeps working? What did you test? I'm sure outbound connections would work but what about P2P applications?
Skype?
What about http://66.102.11.104/
Or inbound connections can you remote desktop to an XP computer through NAT64?
How do inbound connections work from the IPv4 Internet?
 
User avatar
bevhost
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Sep 13, 2010 6:33 am
Location: Brisbane, Queensland, Australia
Contact:

Re: NAT64 and DNS64

Fri Oct 29, 2010 4:15 am

I can see some benefit of NAT64 for some of the Mobile phone providers in countries like India and China that are turning on new mobile devices at a staggering rate. Some newer mobile devices do support IPv6 quite well and they need access to legacy web servers on IPv4 and that is a good reason to use NAT64, so yes I agree the big players will role it out, but I doubt they will use RouterOS.
 
Beccara
Long time Member
Long time Member
Posts: 606
Joined: Fri Apr 08, 2005 3:13 am

Re: NAT64 and DNS64

Fri Oct 29, 2010 5:19 am

Do you really think manual port forwarding at the ISP level is ever going to work?? I doubt we'll see NAT64 in ROS but the big players are deploying it, It will likely end up another transition step after large scale ISP's find that NAT444 is just not worth the hassle.

Have you actually used NAT64 before? Its quite nice, There is a liveCD floating around, Very fun turning off v4 on your computer and having everything keep working :)
Did you try it with Windows XP? Mac OS X?

When you say everything keeps working? What did you test? I'm sure outbound connections would work but what about P2P applications?
Skype?
What about http://66.102.11.104/
Or inbound connections can you remote desktop to an XP computer through NAT64?
How do inbound connections work from the IPv4 Internet?
Web browsing worked fine, never ran into an issue. Skype worked for voice but I didnt try video (Never had a need) Existing NAT-busting methods used in alot of software works fine but will run into issues in a NAT444 setup. SIP and FTP had issues due to IP info carried inside the application level data. Some form of ALG ala NAT-PT will help with this

NAT444 is already in place by a lot of MT users, I believe our resident forum troll here doesnt supply his clients with a public v4 so ROS demand for it will be low. The skill needed to put in place and debug something as complex as NAT64 will rule out most ROS users. I really dont think it will be worth MT's time to put something like this in place, NAT64 is a small bridge for those of us who will deploy v6 before the crunch, NAT444 will be clung onto by users who dont know how or who wont deploy v6
 
User avatar
bevhost
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Sep 13, 2010 6:33 am
Location: Brisbane, Queensland, Australia
Contact:

Re: NAT64 and DNS64

Fri Oct 29, 2010 5:39 am

Web browsing worked fine, never ran into an issue. Skype worked for voice but I didnt try video (Never had a need) Existing NAT-busting methods used in alot of software works fine but will run into issues in a NAT444 setup. SIP and FTP had issues due to IP info carried inside the application level data. Some form of ALG ala NAT-PT will help with this
Sorry to keep on about this, but what OS did you try this on?
 
Beccara
Long time Member
Long time Member
Posts: 606
Joined: Fri Apr 08, 2005 3:13 am

Re: NAT64 and DNS64

Fri Oct 29, 2010 5:49 am

XP SP3
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1768
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: NAT64 and DNS64

Fri Oct 29, 2010 8:54 am

If i may jump into conversation.
From what i notices MikroTik really loves when feature description is set in stone - so there are actual "Internet Standard".

From what i was able to find on this topic is:

a) http://tools.ietf.org/id/draft-bagnulo- ... t64-03.txt
"This Internet-Draft will expire on September 8, 2009"

b) http://tools.ietf.org/html/draft-ietf-b ... tateful-00
"This Internet-Draft will expire on January 5, 2010"

So, it is not even "Proposed Standard" not talking about "Draft Standard" and "Internet Standard"...

IF i'm missing something, please, provide me proper links :)
 
User avatar
bevhost
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Sep 13, 2010 6:33 am
Location: Brisbane, Queensland, Australia
Contact:

Re: NAT64 and DNS64

Fri Oct 29, 2010 2:09 pm

There is a liveCD floating around
Ok, so I found the CD, downloaded it, had a play. Read the specs.,

It's really only designed to allow IP6 only clients to access IPv4 legacy servers.
It's not meant for Ipv4 to Ipv6 connections and not designed to do P2P applications.

It might allow for Hole Punching in the way that firewalls allow reverse connections in RELATED state, but that's all.

So once they get the ALG's written, it will catch up to where NAT44 is now and you'll be able to move on from Dual Stack to IPv6 Only Stack.
 
Beccara
Long time Member
Long time Member
Posts: 606
Joined: Fri Apr 08, 2005 3:13 am

Re: NAT64 and DNS64

Sun Oct 31, 2010 9:51 pm

Its PoC code, Meant as a simple demo. I'm not even sure the linux code is being actively worked on. Anyway this topic is pointless as MT will never put something like NAT64 into ROS and alot of people around here already do NAT444.
 
eduardomazolini
newbie
Posts: 31
Joined: Thu Jul 16, 2015 9:14 pm

Re: NAT64 and DNS64

Mon Jul 04, 2016 8:29 pm

If i may jump into conversation.
From what i notices MikroTik really loves when feature description is set in stone - so there are actual "Internet Standard".

From what i was able to find on this topic is:

a) http://tools.ietf.org/id/draft-bagnulo- ... t64-03.txt
"This Internet-Draft will expire on September 8, 2009"

b) http://tools.ietf.org/html/draft-ietf-b ... tateful-00

"This Internet-Draft will expire on January 5, 2010"

So, it is not even "Proposed Standard" not talking about "Draft Standard" and "Internet Standard"...

IF i'm missing something, please, provide me proper links :)
http://tools.ietf.org/html/rfc6146
 
Zorro
Long time Member
Long time Member
Posts: 675
Joined: Wed Apr 16, 2014 2:43 pm

Re: NAT64 and DNS64

Wed Jul 06, 2016 1:09 am

aside NAT64 relevant things - 6877 https://tools.ietf.org/html/rfc6877 was apprently common as say wiukd 6rd, DS, DS-lite or other things from that list https://en.wikipedia.org/wiki/IPv6_tran ... mechanisms
(in which - ANY thing make sense and important).
from proprietary stuff among it perhaps MAP by CISCO was imprtant(rest, including ommited from article - not so much, perhaps. or even known at all).
fron "unemplemented yet" not finalised things i personally would care about IPv6 to IPv6 NAT(some would say "it make no sense", but sadly it is. already :(
 
andersonlich
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Thu Feb 26, 2009 1:05 pm

Re: NAT64 and DNS64

Wed Jul 13, 2016 2:52 am

v6 should be end to end connection. But if mikrotik released this feature that should be +10.
 
mohmultihouse
just joined
Posts: 8
Joined: Wed Dec 28, 2016 11:43 am

Re: NAT64 and DNS64

Tue Jan 03, 2017 9:29 am

i second this, need NAT64 support.
 
Zorro
Long time Member
Long time Member
Posts: 675
Joined: Wed Apr 16, 2014 2:43 pm

Re: NAT64 and DNS64

Mon Feb 27, 2017 8:17 am

v6 should be end to end connection. But if mikrotik released this feature that should be +10.
not really. it "should" not.
and for that reasons both 4-to-6, 4-to-6 and even 6-to-6 NAT exist, just like 4-to-4 before. but implementation yet sporadic and incomplete, yet(to use "straight away/now").
 
mohmultihouse
just joined
Posts: 8
Joined: Wed Dec 28, 2016 11:43 am

Re: NAT64 and DNS64

Thu Mar 09, 2017 11:15 am

Google just made a public DNS64 server, NAT64 gateway is more relevant then ever.
https://developers.google.com/speed/pub ... docs/dns64
 
User avatar
Splash
Member Candidate
Member Candidate
Posts: 207
Joined: Fri Oct 16, 2015 10:09 am
Location: Johannesburg, South Africa

Re: NAT64 and DNS64

Sat Apr 29, 2017 4:02 pm

Here's to hoping IPv6 on Mikrotik will take a leap forward and become a more complete solution. With the IPv6 certification now available from Mikrotik, I'm crossing fingers they will press forward with an IPv6 implementation that is more usable.
 
Milan
just joined
Posts: 24
Joined: Tue Mar 05, 2013 3:34 am

Re: NAT64 and DNS64

Tue Jul 11, 2017 12:03 am

Google just made a public DNS64 server, NAT64 gateway is more relevant then ever.
https://developers.google.com/speed/pub ... docs/dns64
We really need NAT64. And also IPv6 NAT (not IPv6 masqureade, just NAT).
 
User avatar
zervan
Member
Member
Posts: 329
Joined: Fri Aug 20, 2010 10:43 pm
Location: Slovakia
Contact:

Re: NAT64 and DNS64

Wed Jul 26, 2017 10:18 pm

Is anything new about NAT64? Maybe some new RouterOS version?

If not, maybe this could be useful (at least for testing): http://www.internetsociety.org/deploy36 ... in-go6lab/
 
eliasbats
just joined
Posts: 12
Joined: Thu May 11, 2017 6:22 pm

Re: NAT64 and DNS64

Sat Sep 16, 2017 11:03 pm

Dear MT, Please consider NAT64!
 
wtm
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Tue May 24, 2011 5:27 am

Re: NAT64 and DNS64

Thu Jul 05, 2018 5:01 am

Bump ........
Is there anything new on this? As IPV4 addresses get in shorter demand?
 
enzain
just joined
Posts: 24
Joined: Wed Jan 17, 2018 9:15 pm

Re: NAT64 and DNS64

Wed Jan 30, 2019 10:44 am

Hi,

Any progress with nat64 and dns64?

Now in russia is actual, our internet regulator starting blocking sitews by IPv6 ...
 
mutinsa
just joined
Posts: 24
Joined: Tue Feb 06, 2018 4:55 am
Location: Plettenberg Bay, South Africa
Contact:

Re: NAT64 and DNS64

Sat Feb 09, 2019 4:36 pm

+1.
 
kalamaja
Member Candidate
Member Candidate
Posts: 114
Joined: Wed May 23, 2018 3:13 pm

Re: NAT64 and DNS64

Mon Dec 09, 2019 4:42 pm

As I see from the forum, request for NAT64 support has been up for last 9 years already. Maybe the time wasn't right then, but it definitely is now.

Adding NAT64 support would not be about NATing IPv6, but NATing the IPv4 hell out of the way to get rid of it faster, so it would definetly be engineering for the future.

Some arguments for NAT64:
1) All the main content providers and CDNs have switched over to IPv6 already, so NAT64 would be declining, not increasing service
2) DNS64 for Well-Known Prefix 64:ff9b::/96 is offered by both Google and CloudFlare, so no actual need for own DNS64 server, but no problem to configure it for Bind or others
3) AppStores have had compatibility requirements for IPv6-only and NAT64 networks for several years now, so there's no actual problems with recent apps and applications. For old applications there are other mechanisms available as NAT64 is subset of XLAT464.
4) There will never be the time when all the internet services support IPv6, so we should NOT wait endlessly but start getting rid of IPv4 at our networks NOW.

At the moment stateless NAT64 takes two routing lines in edge router and external NAT64 device to get rid of IPv4. If Mikrotik would support NAT64, then it would take about two lines without the need for external NAT64 translation device.

Let NAT64 become a new NAT44!

Skype has been mentioned as a service that does not work in NAT64 enviroment, but it definitely works now.
 
User avatar
afink
newbie
Posts: 35
Joined: Wed May 29, 2013 7:16 pm
Location: Basel & Freetown
Contact:

Re: NAT64 and DNS64

Thu Jan 02, 2020 4:09 pm

Feature Request:

I wish Mikrotik would have NAT64. Im building a large wireless ISP for potential millions of users and IPv4 is something we would like to avoid completely and go directly to IPv6 only (there are no addresses available anyway). Doing NAT44 instead means a lot of more work to give out private IP addresses to every customer as well. This complicates things. We need to supply IPv6 anyway. So having only one infrastructure to deal with makes life simpler. If Mikrotik doesn't do it, we need to put some Linux servers for that aside. The DNS64 part is easy (just a bind9 option).
 
whitbread
Member Candidate
Member Candidate
Posts: 119
Joined: Fri Nov 08, 2013 9:55 pm

Re: NAT64 and DNS64

Thu Jan 02, 2020 11:23 pm

I think MTik is not ready for ipv6 so isn’t the world. My ISP is not offering ipv6 and my hope is that ipv8 is ready before ipv6 is largely used.
The absence of NATing in ipv6 is my main concern.
 
User avatar
afink
newbie
Posts: 35
Joined: Wed May 29, 2013 7:16 pm
Location: Basel & Freetown
Contact:

Re: NAT64 and DNS64

Sat Jan 04, 2020 11:45 am

I'm not sure on which world you are living in but in the places I am active (Europe & Africa), IPv6 is available everywhere on every backbone. And frankly if you start any ISP business now, you must be lucky if you can even get a /22 IPv4 range. In Europe you can't. IPv4 addresses are traded at 25€ per IP by now (used to be 7€ a couple of years back). So it is clear that IPv6 has arrive in the mainstream. There is no other option anymore. If you still try to stick with IPv4 only, you shoot yourself into your foot.

NAT64 is a solution to build on top of IPv6 a clean infrastructure, while having backwards compatibility to the old broken world.
IPv6 is here to stay. IPv4 is here to disappear sometimes in the future. And that future is not so far away.

If I'm building a new network from scratch, I rather use NAT64 at the edge to be backwards compatible to the old world, than to plan dual stack + NAT44 everywhere. It adds complexity in routing (two routing protocols instead of one), address management (having to deal with all the private IP address space), potential conflicts (customers might also use the same IP ranges in their LAN), memory consumption (more routes), bandwidth (more routing messages), cpu load.

In a small application this might not matter but if you plan to serve millions of users, this does have a big effect.
 
enzain
just joined
Posts: 24
Joined: Wed Jan 17, 2018 9:15 pm

Re: NAT64 and DNS64

Thu Feb 27, 2020 10:19 am

We need NAT64.

(DNS64 can be used from Google)

Why is not implemented yet :(
 
AlexS
Member Candidate
Member Candidate
Posts: 282
Joined: Thu Oct 10, 2013 7:21 am

Re: NAT64 and DNS64

Sun Mar 01, 2020 6:12 am

Wow 9 years in the making !
 
User avatar
luciano
just joined
Posts: 12
Joined: Fri Nov 25, 2005 12:32 am
Location: Ponta Grossa/PR
Contact:

Re: NAT64 and DNS64

Thu May 07, 2020 3:31 pm

+1 that need NAT64
 
xeniphon
just joined
Posts: 3
Joined: Wed Jan 06, 2016 8:15 am

Re: NAT64 and DNS64

Fri Sep 11, 2020 8:57 pm

+1 that need NAT64

https://developers.google.com/speed/pub ... docs/dns64
To take the next step of the transition to IPv6 and deploy IPv6-only networks, network operators must still preserve access to IPv4-only networks and services. There are several transition mechanisms to provide IPv6 access to IPv4; an increasingly popular choice with many network operators is NAT64. Using a NAT64 gateway with IPv4-IPv6 translation capability lets IPv6-only clients connect to IPv4-only services via synthetic IPv6 addresses starting with a prefix that routes them to the NAT64 gateway.

DNS64 is a DNS service that returns AAAA records with these synthetic IPv6 addresses for IPv4-only destinations (with A but not AAAA records in the DNS). This lets IPv6-only clients use NAT64 gateways without any other configuration. Google Public DNS64 provides DNS64 as a global service using the reserved NAT64 prefix 64:ff9b::/96.
It would be nice if my Hex router had the "NAT64" voodoo.
 
manoranjantiwary
just joined
Posts: 1
Joined: Fri Apr 01, 2016 10:32 am

Re: NAT64 and DNS64

Wed Sep 16, 2020 6:10 pm

+1 For NAT64
Currently using this in my Network https://www.jool.mx/en/index.html
 
User avatar
bekreyev
just joined
Posts: 2
Joined: Mon Oct 26, 2020 6:33 pm
Location: Ulyanovsk, Russia
Contact:

Re: NAT64 and DNS64

Tue Oct 27, 2020 4:28 pm

I need IPv6-only network and NAT64 for this, please make NAT64 in Mikrotik?
 
antmix
just joined
Posts: 3
Joined: Sat Oct 12, 2019 6:19 pm

Re: NAT64 and DNS64

Wed Jan 06, 2021 1:39 pm

+1 For NAT64 and DNS64
 
kalamaja
Member Candidate
Member Candidate
Posts: 114
Joined: Wed May 23, 2018 3:13 pm

Re: NAT64 and DNS64

Thu Jan 14, 2021 10:20 am

With global 34.2%, almost 50% in US and more than 50% in Germany there's no need to proove that IPv6 is now, networks won't get smaller, NATs won't get simpler and streaming content won't decline, so there's growing need for IPv6-only networks. Please be the company that ignites the affordable way to start phasing out IPv4 from internal networks by allowing NAT64. NAT64 must be the new NAT44 that should be helper, not fact for networking.
 
platini
just joined
Posts: 7
Joined: Wed Mar 07, 2018 10:19 pm

Re: NAT64 and DNS64

Mon Apr 05, 2021 9:38 pm

+1 for NAT64. I can live with DNS64 on the powerdns recursor
 
kalamaja
Member Candidate
Member Candidate
Posts: 114
Joined: Wed May 23, 2018 3:13 pm

Re: NAT64 and DNS64

Mon Sep 13, 2021 9:59 am

Can anybody with more knowledge into latest addition of IPv6 NAT to 7.1RC confirm that NAT64 now possible?
I read actions they have right now are masquerade, dst-nat, and redirect.
 
User avatar
Ferrograph
Member Candidate
Member Candidate
Posts: 155
Joined: Wed Mar 07, 2012 4:05 am

Re: NAT64 and DNS64

Mon Apr 11, 2022 5:01 pm

Mobile operator EE in the UK are now issuing IPv6 only SIM cards so this is becoming more and more important, even urgent since I can now longer tell a client to get a SIM card and then go put LHG-LTEx dish on his roof and get him some decent internet.

Lots of clients have IPv4 only devices at home so cant move to IPv6 only LANs

I have so far drawn a blank how to do this without adding extra boxes which is awful solution given the power available in RouterOS
 
tdw
Forum Guru
Forum Guru
Posts: 2032
Joined: Sat May 05, 2018 11:55 am

Re: NAT64 and DNS64

Mon Apr 11, 2022 6:21 pm

DNS64 is incompatible with DNSSEC. As both Android & iOS have supported 464XLAT for a number of years I would expect this approach, a Stateless IP/ICMP Translator (SIIT) at the client and NAT64 at the provider, to become more widespread so Mikrotik support for this would be good.
 
crosswind
newbie
Posts: 46
Joined: Tue Feb 18, 2020 3:47 pm

Re: NAT64 and DNS64

Tue Apr 19, 2022 2:40 pm

i opened SUP-79815 for this and the response was:
We do not have any plans to add such a feature at the moment, but if more users will request it, we will see how this can be implemented.
so, i hope other people interested in NAT64 will also request it. (i also mentioned 464XLAT in my request, so i assume that response applies to both.)
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 3135
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: NAT64 and DNS64

Tue Apr 19, 2022 5:23 pm

i hope container support will help to solve this and many other needs
 
mmc
newbie
Posts: 41
Joined: Wed Dec 29, 2004 1:44 am

Re: NAT64 and DNS64

Thu Jun 09, 2022 2:59 pm

+1 for nat64
 
buraglio
Frequent Visitor
Frequent Visitor
Posts: 70
Joined: Mon Aug 10, 2015 5:59 pm
Location: +1 (217)
Contact:

Re: NAT64 and DNS64

Sat Jul 02, 2022 11:28 pm

DNS64 is incompatible with DNSSEC. As both Android & iOS have supported 464XLAT for a number of years I would expect this approach, a Stateless IP/ICMP Translator (SIIT) at the client and NAT64 at the provider, to become more widespread so Mikrotik support for this would be good.
PLAT is pretty much a required standard for many providers at this point. NAT64 would be a step toward better IPv6 adoption, and is a pretty gaping hole in Mikrotik ROS right now - I get asked about it frequently, and when the answer to Mikrotik customers is "yank out the CPE (for CLAT support) and the routers (for PLAT), you can probably guess the response.
 
buraglio
Frequent Visitor
Frequent Visitor
Posts: 70
Joined: Mon Aug 10, 2015 5:59 pm
Location: +1 (217)
Contact:

Re: NAT64 and DNS64

Thu Jan 12, 2023 5:57 pm

Hey Mikrotik, gentle reminder that NAT64 is still pretty important and should be added ASAP. CLAT client would be pretty useful too....just sayin'.
 
imranniazi
just joined
Posts: 3
Joined: Sat Nov 16, 2019 12:37 pm

Re: NAT64 and DNS64

Thu Oct 19, 2023 11:24 pm

+1 made 100 posts...waiting for NAT64
 
kalamaja
Member Candidate
Member Candidate
Posts: 114
Joined: Wed May 23, 2018 3:13 pm

Re: NAT64 and DNS64

Thu Dec 21, 2023 10:11 am

Can anyone explain the current possibilities for NAT64 in Mikrotik?

I see there's parameter in IPv6 ND, but no clues anywhere else or example on how to use this:
pref64-prefixes (unspecified | ipv6 prefixes; Default: unspecified) Specify IPv6 prefix or list of prefixes within /32, /40. /48, /56, /64, or /96 subnet that will be provided to hosts as NAT64 prefixes.


I know the way to run tayga inside a container, but maybe there are more already built in?
 
DarkNate
Forum Guru
Forum Guru
Posts: 1065
Joined: Fri Jun 26, 2020 4:37 pm

Re: NAT64 and DNS64

Fri Dec 22, 2023 12:19 pm

Can anyone explain the current possibilities for NAT64 in Mikrotik?

I see there's parameter in IPv6 ND, but no clues anywhere else or example on how to use this:
pref64-prefixes (unspecified | ipv6 prefixes; Default: unspecified) Specify IPv6 prefix or list of prefixes within /32, /40. /48, /56, /64, or /96 subnet that will be provided to hosts as NAT64 prefixes.


I know the way to run tayga inside a container, but maybe there are more already built in?
The ND pref64 is different, this is a protocol option in IPv6 RA that allows you to inform the client of your NAT64 prefix.

Your NAT64 prefix can run on a Linux box for example with Jool

Who is online

Users browsing this forum: Elvis1991, garyjduk, Mosmos and 27 guests