• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Has HE considered providing DNS64/NAT64 Service

Started by IsaacFL, November 20, 2018, 09:44:48 AM

Previous topic - Next topic

IsaacFL

I have a working ipv6 configuration at home and was wondering if HE considered providing a cloud based DNS64/NAT64 solution so that I could get rid of dual stack locally?

I have tested using the following site, and see that it would work for me, but since it is based in Eastern Europe (I am USA), it adds significant lag.

https://go6lab.si/current-ipv6-tests/nat64dns64-public-test/

It seems this would be a service that would enable more wide spread usage of IPv6.

broquea

I'm still in the process of evaluating a larger scale deployment of this. The issue is policing it since it essentially becomes an open relay for connecting to IPv4 services. Even if limited to only allowing our address space, we still get bad actors sometimes using the tunnel service that we have to chase away.

If you have native dual-stack, your issue becomes that you would now be tunneling all your IPv4 traffic, and geolocation gets based on our server not you, and that can screw things up, and also impacts your throughput with tunnel-translation overhead.

If you are tunneled, and not running it locally, you'd be double backhauling the traffic by sending your IPv4 packet over your IPv6 tunnel to our nat64/dns64 box which itself tunnel-translates that IPv6 into IPv4, and then has to reverse all that to get the traffic back to you. The overhead on that is obnoxious.

chaz6

Would it be possible to limit it to those who have achieved guru status? I would certainly appreciate access to such a service.

snarked

If you're using the tunnelbroker service, you're dual stack, so what's the point?  If you're colocated, you're still dual stack....

IPv6 has been around for two decades now.  I've used it since 2003 (although 2003-2008 was 6to4 only).  What you should do is complain to sites that are still IPv4 only to get with the program.  Then again, I understand when we have (e.g.) the "big player" morons like Verizon that don't have IPv6 on their MX'ed mail servers (checked today), or Cogent which got an IPv6 allocation in 2003 but didn't use it until 2009 - not even on their routers.  I even commented to one device manufacturer in 2008 when its representative told me their equipment was IPv4 only that it was "broken" out of the box for not having IPv6.  They have no excuse.  Those who don't keep up should receive an "Internet Death Penalty" (cf. "Usenet death penalty").

Based on the reply above and HE's general attitude about pushing IPv6, I'd say that it was considered and rejected as unnecessary, and what you got was the "nice" answer.

IsaacFL

I think that based on HE's efforts to push ipv6, that the next logical step is for them to also assist those who now have ipv6 and no longer need tunnel access to be able to access legacy ipv4 external sites to help push even more ipv6 usage.

A HE cloud based NAT64 would provide a method to transition away from dual stack in our local networks. The only reason I have dual stack is due to outside sites. All of my local infrastructure supports ipv6.

kriteknetworks

As opposed to running your own nat64 setup, with 100% control over it, and not having to make your traffic traverse networks it doesn't need to, thus reducing overhead?