[j-nsp] NAT64 on an M7i

Phil Mayers p.mayers at imperial.ac.uk
Thu Feb 3 11:38:44 EST 2011


>> Just to make things clear as mud, NAT64 is a mechanism that does address
>> and protocol translation or NAT-PT, but it is probably best not to call
>> it that as "NAT-PT" was an old technique that was defined in an RFC and
>> was officially abandoned by the IETF. NAT64 is an externally similar
>> technique that is based on a new I-D and internally very different from
>> the old NAT-PT.
>
> This is a source of some confusion to me.
>
> NAT64 seems to make several (sensible) changes compared to NAT-PT:
>
> 1. DNS ALG is replaced by an external DNS64 server, and the DNS64
> algorithm is DNSSEC-capable
>
> 2. As a result of 1. the NAT64 does not need to be in the default route,
> and merely needs to have the NAT64 prefix routed to it
>
> ...but it's not obvious to me what *else* changed; the I-Ds are a bit...
> well, incomprehensible (to me) is probably the only phrase I can use. If
> you have any pointers to the differences, I'd be interested.

A bit of research turns up:

http://blog.ioshints.info/2010/06/is-nat64-subset-of-nat-pt.html

Broadly speaking, NAT64 mandates NAT behaviours that permit better NAT
traversal and use of p2p apps (specifically RFC4787 and RFC5382).

It seems to me that, if your NAT-PT already had those behaviours, and 
didn't rely on the DNS ALG to open the NAT pinholes, it is basically NAT64?

