Hypothetically, what if tunnels are opened from the exit server to the home
node carrying ipv4 over ipv6? Obviously this could be a lot of
implementation work.
-Jehan
On Thu, Apr 27, 2017 at 9:48 AM, Marc Juul <juul(a)labitat.dk> wrote:
On Thu, Apr 27, 2017 at 9:27 AM, Jehan Tremback <jehan.tremback(a)gmail.com>
wrote:
It seems like something that would be easy, just
NAT ipv4 traffic to IPv6
for our network. Can you link to any resources on these difficulties?
"Not every type of resource is accessible with NAT64. Protocols that embed
IPv4 literal addresses, such as SIP
<https://en.wikipedia.org/wiki/Session_Initiation_Protocol> and SDP
<https://en.wikipedia.org/wiki/Session_Description_Protocol>, FTP
<https://en.wikipedia.org/wiki/FTP>, WebSocket
<https://en.wikipedia.org/wiki/WebSocket>, Skype
<https://en.wikipedia.org/wiki/Skype>, MSN, and any other content with
IPv4 literals are excluded"
https://en.wikipedia.org/wiki/NAT64
"There are two noticeable issues with this transition mechanism:
- It only works for cases where DNS is used to find the remote host
address, if IPv4 literals are used the DNS64 server will never be involved.
- Because the DNS64 server needs to return records not specified by
the domain owner, DNSSEC <https://en.wikipedia.org/wiki/DNSSEC>
validation against the root
<https://en.wikipedia.org/wiki/DNSSEC#Deployment_at_the_DNS_root> will
fail in cases where the DNS server doing the translation is not the domain
owner's server. "
https://en.wikipedia.org/wiki/IPv6_transition_mechanism#DNS64
--
marc/juul