--- /dev/null
+IPv6-only networks: Add NAT64, DNS64 and 6bed4
+
+> *Imagine a new server setup with only IPv6. Less complexity,
+> plenty of address space, global uniqueness and not the dual
+> nature that confuses debugging. But how to deal with IPv4
+> clients?*
+
+
+There are a few translation mechanisms for IPv4/IPv6, and the
+stateless translation of address headers with NAT64 is perhaps
+the simplest. Generally put, IPv4 addresses receive a /96
+prefix that makes them into IPv6 addresses, and local routing
+brings traffic back to the NAT64 router for translating back
+and delivery over IPv4 of the response.
+
+NAT64 works in conjunction with DNS64, which translates A
+query output to AAAA query output (if no direct addresses are
+usable). The /96 prefix used there is set to the same value
+as the one added by NAT64, so the forged AAAA records pass
+out through the translator and end up in the right IPv4
+address. DNS64 conflicts with DNSSEC, but its mapping may
+be applied after secure query processing.
+
+Given the small space available in IPv4, there are likely to
+be more multiplexing mechanisms, such as based on SRV records,
+hostnames such as in HTTP or Server Name Indications such as
+in TLS. This may be done after the translation by NAT64 into
+the IPv6 space, so redirection can be made to one of the many
+addresses then available.
+
+IPv4 does need NAT, and certainly on clients it is commonly
+employed. This means that port numbers can change between
+the client and server end points, and so peer-to-peer traffic
+is not as reliable as on IPv6, where addresses and ports are
+transparant, and only firewall-based filtering is used.
+This gives much more reliable peer-to-peer performance, and
+is preferred for the more advanced use cases.
+
+NAT64 will not be helpful for such situations, but 6bed4 is.
+The ability to send an IPv6 address in end-to-end communication,
+based on prior contact to a server, should help to build up
+reliable communication even if it actually runs over IPv4 and
+UDP. The UDP port will not get renumbered; if that is the only
+option, the 6bed4 system falls back to relaying through the
+server that originally saw the IPv4 address and UDP port. This
+would be rare, but it is a reassurance that it exists. With
+6bed4 it should therefore be possible to engage in full-blown
+peer-to-peer operations, and almost always enjoy the benefits
+of direct communication between the peers.
+
+In a scenario where a server employs NAT64 and 6bed4 service
+at the entrance, this is even more straightforward, as the
+6bed4 service would use its own IPv4 address in its endpoint
+address, and mention it again in the low half to hint that
+direct contact is the proper mechanism to use. The peering
+does get possible when the protocol connects parties that
+connect through these addresses, but if it fails then the
+server will be available for bouncing traffic between peers.
+
+DNS64 plays no role in the 6bed4 scenario. Servers that
+exhibit 6bed4 service announce their IPv6 address for the
+6bed4 service end point as an AAAA record.
+
+**Summary:** NAT64+DNS64 is useful for backward compatibility
+with client-server mode; for peer-to-peer operation however,
+6bed4 is a more reliable form. Clients can upgrade to the
+more reliable service by installing the 6bed4peer, but they
+are free to try a service without that explicit action.
+
projects / 6bed4 / commitdiff