[afnog] NAT64 for Dual Stacking!

Frank Habicht geier at geier.ne.tz
Mon May 16 05:37:27 UTC 2016 

Hi Fabian,

[I have mentally removed "NAT64" from your email]

On 5/13/2016 7:36 AM, Fabian Jr wrote:
> Folks...
> 
> We are looking into way we can gradually deploy IPv6 in our network...

Good.

> Already we have it running and we have one Test Machine... The challenge
> we are facing is that from that machine with IPv6 and from other
> Machines with IPv4 we can't communicate in either direction..

Let's assume you have a /23 of public IPv4 addresses and a /48 .
And you're an academic institution, not a service provider.

Your router that connects to the outside already has both v4 and v6
addresses configured on the same internal interface?

The test machine is in one LAN/VLAN/subnet with the router (internal
interface)?
The test machine has both IPv4 and IPv6 configured?

It's best to first do "dual stack" - giving both IPv4 and IPv6 addresses
to all devices.
You can give your public IPv4 addresses to devices, or RFC1918 with NAT.
In IPv4 you can keep what's working for you now.

After you put an IPv6 address/subnet on each internal interface on your
router, you can put IPv6 addresses on the other devices directly
connected to it, in respectively the same subnets and the interface(s)
on your router (same as in IPv4). And then you can and should also
configure the IPv6 default route.

>From any machine you should be able to ping the router, in IPv4 and in IPv6.
machines can be other routers as well.

If you have other subnets that are not directly connected on your main
router, they are behind another router.
That's either NATing for those or not.
In both cases you should:
- ensure that the router can also do IPv6
- create another /64 subnet
- on your main router ensure the subnet gets routed to the other router,
   either dynamically or static route
- have the new router's interface to the distant subnet configured with
   an IPv6 address,
- configure machines on that subnet in the same IPv6 subnet, with
   gateway pointing to that router.

Can I visit you this evening about that?

Frank


> IPv6 Machine just communicate with IPv6 only machines like wise IPv4
> Machines just communicate with IPv4 machines....
> 
> A work around is to do NAT64 between the two subnets….
> 
> It seems the hardware (Cisco 2921 router with IOS Version 15.0) can’t do
> NAT64……..
> 
> From the internet it seems NAT64 runs on IOS-XE and IOS-CGSE which are
> Hardware dependent……..seems that we can’t upgrade IOS Version 15.0 to
> any the two which supports NAT64.
> 
> Before committing any expenses to acquire new router we want to reach
> out to the community for comments and advises….
> 
> Pls. review and advise.
> 
> Thank you…
> 
> 
>  
>  
> /Arbogast Fabian,/
> /cell:+255-78-447-8387/
> 
> 
> _______________________________________________
> afnog mailing list
> https://www.afnog.org/mailman/listinfo/afnog
>

More information about the afnog mailing list