[AusNOG] Data retention compliant NAT64 or equivalent

Philip Loenneker Philip.Loenneker at tasmanet.com.au
Mon Apr 16 15:21:23 EST 2018 

Hi all,

Due to ever-decreasing IPv4, I've been investigating the possibility of providing IPv6-only Internet connections for customers. There are 2 key issues:

  *   Client devices that are IPv4-only
  *   Internet resources that are IPv4-only

For the client-side issue, I'm following up with our CPE vendor to see if 464XLAT or similar is available. I'll be labbing it up in the near future, but am hoping they can save me some time. Failing that, we may need to resort to CGNAT, but I'm hoping to avoid it.

For the Internet-side issue, I'm looking into options such as NAT64 (DNS64 is available on our resolvers, just not enabled). Some common options I've found include:
Jool.mx - seems like a well-used option, last updated in January this year. Doesn't appear to have good logging for NAT translations, might be possible with full debug logs but that is noisy.
Tayga - looks like it hasn't had an update since 2011, and may not support current Linux kernel versions. Couldn't find information on what logging is available.
Palo Alto PAN-OS - appears to have NAT64 functionality since 2013 and have regular updates. Lots of logging available. Commercial product (not that that is a show stopper).
Wrapsix - claims to be one of the fastest implementations, last update around 5 months ago. Only supports a single IPv4 address - I suspect that won't handle the load for us.
Ecdysis - looks like it hasn't had an update since 2014, however claims to be included in OpenBSD 5.1+ core release.
Various hardware, including Juniper, Cisco. I was disappointed to not find anything on Cumulus or Open Network Linux.

Most of the information related to implementing this kind of thing is international, which means they don't care about Australia-specific things like Data Retention.

I'm wondering if anyone out there has any tips on NAT64 or similar products that do or do not allow you to collect the necessary information for Data Retention. I appreciate any thoughts, on or off list.

Regards,
Philip Loenneker | Network Engineer | TasmaNet
40-50 Innovation Drive, Dowsing Point, Tas 7010, Australia
P: 1300 792 711
philip.loenneker at tasmanet.com.au<mailto:philip.loenneker at tasmanet.com.au>
www.tasmanet.com.au<http://www.tasmanet.com.au/>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20180416/b1a1def9/attachment.html>

More information about the AusNOG mailing list