SlideShare a Scribd company logo

NAT64/DNS64 experiments, warnings and one useful tool

APNIC
APNIC

1) The document discusses experiments testing how websites load over IPv6-only, NAT64, and DNS64 environments. It describes a public test bed and tool called NAT64Check that allows testing websites across different IPv6 transition technologies. 2) Issues found in real-world testing are discussed, such as invalid AAAA records causing problems. The document provides examples of DNS64 and NAT64 configurations used to filter out invalid records. 3) NAT64Check is described as a tool that tests websites from IPv4-only, IPv6-only, and NAT64-translated perspectives to identify loading issues and calculate a score. The code is open source and available on GitHub to allow others to use and contribute to

Internet
1 of 42
NAT64/DNS64 real life experiments, warnings and also one useful tool ...from go6lab.si and IPv6-lab.net Brought to you by: Jan Žorž Sander Steffann zorz@isoc.org sander@steffann.nl
Problem statement and real world status (Six Degrees of Inner Turbulence) IPv6 and IPv4 are incompatible on the wire. • We need transition and translation mechanisms between the two protocols • Mobile operators are massively switching devices to IPv6-only connectivity • millions of users • using 464XLAT (Android) or plain NAT64 (Apple) as a transition tool to access IPv4 content • Some people do weird stuff while adding AAAA to their DNS records • Important questions: • Do content providers know how their content will be seen from such environments? • Do connectivity providers know what their users’ experience on IPv6-only would be?
Credits, acknowledgments and supporters (Metropolis, Pt. 1: The Miracle and the Sleeper) Projects like this and all the massive amount of work cannot be performed without great support of people and companies that we work with: Internet Society - for Jan’s working time and funding of the numerous travels where we got the idea of the IPv6 issues while talking to operators and also future travels where we’ll talk about this topic (we are here, aren’t we? :) ) Go6 Institute Slovenia - for funding and running the Go6lab where we got connectivity, HW, SW and place to experiment with all this things IPv6 SJM Steffann for Sander’s working time, coding skills, massive energy and also HW/SW in their ipv6-lab.net to make this tool redundant. Corinne Pritchard for a lovely design of a tool’s front-end. Hugs :)
Go6lab NAT64/DNS64 public test-bed (The Test That Stumped Them All) Aimed at everyone who would like to test NAT64/DNS64 functionality 4 different implementations, 4 different instructions how to direct traffic there Used by operators Testing the idea of providing NAT64/DNS64 and/or 464XLAT to their users Used by application providers To see how their apps works in NAT64/DNS64 environment Used by HW/SW vendors Testing their solutions against multiple NAT64 vendors Gained quite some traction and momentum this days Instructions: https://go6lab.si/current-ipv6-tests/nat64dns64-public-test/
Go6lab NAT64/DNS64 test-bed
Go6lab NAT64/DNS64 test-bed
Go6lab NAT64/DNS64 test-bed HW/SW (Systematic Chaos)
Some DNS admins put “crap” in AAAA records (The Enemy Inside) Have you ever seen any of this values for AAAA record? :: ::1 ::ffff:[IPv4_addr] fe80::[some_value] 64:ff9b::[some_value] 2001:DB8::[some_value] If you have seen something like this and you know who did it, talk to that people and tell them to fix it. This sort of thing isn’t useful to anybody and severely impacts user experience. More: http://www.employees.org/~dwing/aaaa-stats/ (courtesy of Dan Wing)
Causing confusion with or without www (Breaking All Illusions) sander@MacPro:~$ host www.firstinsight.com www.firstinsight.com is an alias for 160569.group19.sites.hubspot.net. 160569.group19.sites.hubspot.net is an alias for cos2mdc.hubspot.net.mdc.edgesuite.net. cos2mdc.hubspot.net.mdc.edgesuite.net is an alias for a1711.b.akamai.net. a1711.b.akamai.net has address 88.221.254.18 a1711.b.akamai.net has address 88.221.254.10 sander@MacPro:~$ host firstinsight.com firstinsight.com has IPv6 address :: firstinsight.com mail is handled by 10 mx1.emailsrvr.com. firstinsight.com mail is handled by 20 mx2.emailsrvr.com.
When deploying in real life you need “fixes” (Build Me Up, Break Me Down) So, what can we do about it? We can figure out who this people are, contact them, warn them about the issue, educate them and ask them to fix the problem. Remember: If you are not part of solution, you are part of the problem. At the same time we can protect our users from bad user experience and set the “exclude” rules in our DNS64 servers. IANA allocated 2000::/3 as global unicast address pool, so whatever else is used in AAAA - it’s by default bogus and we can safely ignore that.
When deploying in real life you need “fixes” (Stream of Consciousness) BIND9 example of DNS64 configuration in go6lab: dns64 2001:67c:27e4:64::/96 { clients { any; }; mapped { !rfc1918; any; }; exclude { 0::/3; 4000::/2; 8000::/1; 2001:DB8::/32; }; break-dnssec yes; }; Explanation of “exclude” configuration parameter: If DNS64 server gets an AAAA record with a value of anything outside 2000::/3 - it ignores it and synthesizes the AAAA record from NAT64_prefix::IPv4_address
When deploying in real life you need “fixes” (Moment Of Betrayal) This fixes the most common errors and keeps your users relatively safe from bad user experience when using 464XLAT and NAT64 This also prevent issues when AAAA record contains an IPv6 documentation prefix, that is inside 2000::/3 block. “Break-dnssec yes” configuration directive: By default, DNS64 module does not process queries that request DNSSEC data (DO = 1) or that have DNSSEC RRs in the answer. Setting break-dnssec yes will override this default and cause policy processing on all DNSSEC queries. However, the constructed response will not have any DNSSEC records added and therefore cannot be verified by the client (it may have the unintended consequence of looking like a bogus response or even an injection attack to the client).
Without break-dnssec yes; (Enigma Machine)
With break-dnssec yes; (Enigma Machine)
When deploying in real life you need “fixes” (Stream of Consciousness) Unbound example of DNS64 configuration in go6lab: server: module-config: "dns64 validator iterator" dns64-prefix: 2001:67c:27e4:64::0/96 private-address: 0::/3 private-address: 4000::/2 private-address: 8000::/1 private-address: 2001:DB8::/32 # private-address: 64:FF9B::/96 # private-address: ::ffff:0:0/96 # private-address: ::1/128 # private-address: ::/128 interface: 2001:67c:27e4::64
More reading on DNS64 and DNSSEC – RFC 6147
Oops: firewalls.com IPv4 NAT64
Oops: firewalls.com IPv4 NAT64 Still waiting for that timeout…
Oops: firewalls.com IPv4 NAT64 Indeed, very secure...
Oops: firewalls.com IPv4 NAT64 Indeed, very secure, running on ::ffff:209.59.134.0…
Good DNS, bad server: notificaciones.060.es IPv4 IPv6 and NAT64
Good DNS, bad geolocation tool: shrani.si IPv4 IPv6 and NAT64
No AAAA, server still confused: uc.cn IPv4 NAT64
Good server, bad content: ebay-kleinanzeigen.de IPv4 and NAT64 IPv6
Good server, bad content: thegatewaypundit.com IPv4 and NAT64 IPv6
Non working AAAA record = broken NAT64 J
Working AAAA record and IPv4-only content
Working AAAA record and IPv4-only content
How to test for all of these things? (The Looking Glass) There are many things to test: Test on NAT64 Test on IPv6-only Did all resources (images, stylesheets, scripts) load ok? Does it look good to the user? Do we see any pMTUd issues? One service to test them all: NAT64Check !!!
(Caught in a web)
(Caught in a web)
(The Mirror)
(The Shattered Fortress)
We don’t “fix” brokenness (Lines in the Sand) For NAT64/DNS64 implementations in go6lab, we try to avoid AAAA bogus records and all our DNS64 configs are tuned like we have shown in previous slides. For NAT64 Check tool, however, we don’t exclude anything. We are trying to show how it is in reality and not mask problems. Those people, causing problems needs to find out the situation and fix it. https://nat64check.go6lab.si/ https://nat64check.ipv6-lab.net/
How does this work? (Illumination Theory) Four servers: Management server and web interface Server with only IPv4 Server with only IPv6 Server with NAT64 Go6lab specific: All servers are virtual machines (LIX) on Proxmox 4.2 virtualization cluster IPv6-lab.net specific: All running on virtual machines (Ubuntu) on a VMware cluster Using phantomjs as a command-line browser Keep track of all loaded (or not) resources Make a screenshot when the page has loaded Compare images with each other Check for resources that could not be loaded
How does this work? (Images and Words) IPv4-only Web client IPv6-only Web client IPv6-only + NAT64/DNS64 Web client DNS64 NAT64 IPv4 internet IPv6 internet Master and web interface
Run the test and calculate the score (Take the Time) Enter the domain name or URL that you would like to test and submit it to the system. The process of starting all needed browsers, get the results, grab the screen and calculate/compare all the results takes some time, so please be patient.
Run the test and calculate the score (Take the Time) You’ll see something like this for some time after you start the measurement... The system will show you when the test was requested, when test was started and will also show you the result in the same page after some time. No need to hit the “Back” button, it will happen, just give it some time. We promise. Scout’s word of honor. :)
Wash, rinse and repeat (Lifting Shadows of a Dream) • Test your website Are you sure all the images, analytics scripts etc. load over IPv6? If you don’t have IPv6 on your server: Did you hard-code any IPv4 addresses in your HTML code? In this case NAT64/ DNS64 will fail. You might get away with it on 464XLAT, but don’t count on it. Why you don’t have IPv6 on your server yet? If things fail - make sure you are persistent enough to find the issues. There are millions of potential viewers of your content on IPv6-only connection at this precise moment, make sure you don’t mess it up and that our tool shows the 100% good result. • Test again • Repeat until your website is no longer broken • If you are fixing a DNS misconfiguration - it might take some time before our tool gets and sees the new and fixed AAAA value. DNS propagation is slow.
Non properly working target domain = no content! (Learning To Live)
NAT64Check code available on GITHUB (In Constant Motion) • All code is free and open and it lives on GitHub. • Feel free to use it and/or contribute: https://github.com/sjm-steffann/nat64check
Conclusions, questions, suggestions? (Act II: Scene Eight: The Spirit Carries On) If you are content provider: test how people sees your content from different environments If you are connectivity provider: test how IPv6-only and 464XLAT/NAT64- DNS64 users sees content If both: all of the above J You might be surprised. Well, you probably will be surprised. https://nat64check.go6lab.si/ https://nat64check.ipv6-lab.net/ Jan Žorž Sander Steffann zorz@isoc.org sander@steffann.nl

Recommended

ION Durban - IPv6 Case Study (Liquid Telecom)
ION Durban - IPv6 Case Study (Liquid Telecom)ION Durban - IPv6 Case Study (Liquid Telecom)
ION Durban - IPv6 Case Study (Liquid Telecom)
Deploy360 Programme (Internet Society)
 
ION Durban - DNSSEC, and Why We Can't Avoid It
ION Durban - DNSSEC, and Why We Can't Avoid ItION Durban - DNSSEC, and Why We Can't Avoid It
ION Durban - DNSSEC, and Why We Can't Avoid It
Deploy360 Programme (Internet Society)
 
ION Durban - NAT64/DNS64 Experiments and the NAT64Check Tool
ION Durban - NAT64/DNS64 Experiments and the NAT64Check ToolION Durban - NAT64/DNS64 Experiments and the NAT64Check Tool
ION Durban - NAT64/DNS64 Experiments and the NAT64Check Tool
Deploy360 Programme (Internet Society)
 
Monitoring Cassandra: Don't Miss a Thing (Alain Rodriguez, The Last Pickle) |...
Monitoring Cassandra: Don't Miss a Thing (Alain Rodriguez, The Last Pickle) |...Monitoring Cassandra: Don't Miss a Thing (Alain Rodriguez, The Last Pickle) |...
Monitoring Cassandra: Don't Miss a Thing (Alain Rodriguez, The Last Pickle) |...
DataStax
 
Cassandra Meetup: Real-time Analytics using Cassandra, Spark and Shark at Ooyala
Cassandra Meetup: Real-time Analytics using Cassandra, Spark and Shark at OoyalaCassandra Meetup: Real-time Analytics using Cassandra, Spark and Shark at Ooyala
Cassandra Meetup: Real-time Analytics using Cassandra, Spark and Shark at Ooyala
DataStax Academy
 
Managing your Black Friday Logs NDC Oslo
Managing your Black Friday Logs NDC OsloManaging your Black Friday Logs NDC Oslo
Managing your Black Friday Logs NDC Oslo
David Pilato
 
Cassandra Metrics
Cassandra MetricsCassandra Metrics
Cassandra Metrics
Chris Lohfink
 
Managing your black friday logs Voxxed Luxembourg
Managing your black friday logs Voxxed LuxembourgManaging your black friday logs Voxxed Luxembourg
Managing your black friday logs Voxxed Luxembourg
David Pilato
 

Recommended

ION Durban - IPv6 Case Study (Liquid Telecom)
ION Durban - IPv6 Case Study (Liquid Telecom)ION Durban - IPv6 Case Study (Liquid Telecom)
ION Durban - IPv6 Case Study (Liquid Telecom)
Deploy360 Programme (Internet Society)
 
ION Durban - DNSSEC, and Why We Can't Avoid It
ION Durban - DNSSEC, and Why We Can't Avoid ItION Durban - DNSSEC, and Why We Can't Avoid It
ION Durban - DNSSEC, and Why We Can't Avoid It
Deploy360 Programme (Internet Society)
 
ION Durban - NAT64/DNS64 Experiments and the NAT64Check Tool
ION Durban - NAT64/DNS64 Experiments and the NAT64Check ToolION Durban - NAT64/DNS64 Experiments and the NAT64Check Tool
ION Durban - NAT64/DNS64 Experiments and the NAT64Check Tool
Deploy360 Programme (Internet Society)
 
Monitoring Cassandra: Don't Miss a Thing (Alain Rodriguez, The Last Pickle) |...
Monitoring Cassandra: Don't Miss a Thing (Alain Rodriguez, The Last Pickle) |...Monitoring Cassandra: Don't Miss a Thing (Alain Rodriguez, The Last Pickle) |...
Monitoring Cassandra: Don't Miss a Thing (Alain Rodriguez, The Last Pickle) |...
DataStax
 
Cassandra Meetup: Real-time Analytics using Cassandra, Spark and Shark at Ooyala
Cassandra Meetup: Real-time Analytics using Cassandra, Spark and Shark at OoyalaCassandra Meetup: Real-time Analytics using Cassandra, Spark and Shark at Ooyala
Cassandra Meetup: Real-time Analytics using Cassandra, Spark and Shark at Ooyala
DataStax Academy
 
Managing your Black Friday Logs NDC Oslo
Managing your Black Friday Logs NDC OsloManaging your Black Friday Logs NDC Oslo
Managing your Black Friday Logs NDC Oslo
David Pilato
 
Cassandra Metrics
Cassandra MetricsCassandra Metrics
Cassandra Metrics
Chris Lohfink
 
Managing your black friday logs Voxxed Luxembourg
Managing your black friday logs Voxxed LuxembourgManaging your black friday logs Voxxed Luxembourg
Managing your black friday logs Voxxed Luxembourg
David Pilato
 
Cassandra Community Webinar | Getting Started with Apache Cassandra with Patr...
Cassandra Community Webinar | Getting Started with Apache Cassandra with Patr...Cassandra Community Webinar | Getting Started with Apache Cassandra with Patr...
Cassandra Community Webinar | Getting Started with Apache Cassandra with Patr...
DataStax Academy
 
Monitoring Cassandra with Riemann
Monitoring Cassandra with RiemannMonitoring Cassandra with Riemann
Monitoring Cassandra with Riemann
Patricia Gorla
 
Riak Search - Berlin Buzzwords 2010
Riak Search - Berlin Buzzwords 2010Riak Search - Berlin Buzzwords 2010
Riak Search - Berlin Buzzwords 2010
Rusty Klophaus
 
Spark cassandra connector.API, Best Practices and Use-Cases
Spark cassandra connector.API, Best Practices and Use-CasesSpark cassandra connector.API, Best Practices and Use-Cases
Spark cassandra connector.API, Best Practices and Use-Cases
Duyhai Doan
 
Riak - From Small to Large
Riak - From Small to LargeRiak - From Small to Large
Riak - From Small to Large
Rusty Klophaus
 
Maximum Overdrive: Tuning the Spark Cassandra Connector (Russell Spitzer, Dat...
Maximum Overdrive: Tuning the Spark Cassandra Connector (Russell Spitzer, Dat...Maximum Overdrive: Tuning the Spark Cassandra Connector (Russell Spitzer, Dat...
Maximum Overdrive: Tuning the Spark Cassandra Connector (Russell Spitzer, Dat...
DataStax
 
Migration Best Practices: From RDBMS to Cassandra without a Hitch
Migration Best Practices: From RDBMS to Cassandra without a HitchMigration Best Practices: From RDBMS to Cassandra without a Hitch
Migration Best Practices: From RDBMS to Cassandra without a Hitch
DataStax Academy
 
SparkSQL et Cassandra - Tool In Action Devoxx 2015
SparkSQL et Cassandra - Tool In Action Devoxx 2015 SparkSQL et Cassandra - Tool In Action Devoxx 2015
SparkSQL et Cassandra - Tool In Action Devoxx 2015
Alexander DEJANOVSKI
 
Grid Middleware – Principles, Practice and Potential
Grid Middleware – Principles, Practice and PotentialGrid Middleware – Principles, Practice and Potential
Grid Middleware – Principles, Practice and Potential
Paul Brebner
 
Grid middleware is easy to install, configure, secure, debug and manage acros...
Grid middleware is easy to install, configure, secure, debug and manage acros...Grid middleware is easy to install, configure, secure, debug and manage acros...
Grid middleware is easy to install, configure, secure, debug and manage acros...
Paul Brebner
 
Cassandra Silicon Valley
Cassandra Silicon ValleyCassandra Silicon Valley
Cassandra Silicon Valley
Christopher Keller
 
Introduction to cassandra 2014
Introduction to cassandra 2014Introduction to cassandra 2014
Introduction to cassandra 2014
Patrick McFadin
 
Zero to Streaming: Spark and Cassandra
Zero to Streaming: Spark and CassandraZero to Streaming: Spark and Cassandra
Zero to Streaming: Spark and Cassandra
Russell Spitzer
 
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014
grecsl
 
Managing your black friday logs - Code Europe
Managing your black friday logs - Code EuropeManaging your black friday logs - Code Europe
Managing your black friday logs - Code Europe
David Pilato
 
Billions of hits: Scaling Twitter (Web 2.0 Expo, SF)
Billions of hits: Scaling Twitter (Web 2.0 Expo, SF)Billions of hits: Scaling Twitter (Web 2.0 Expo, SF)
Billions of hits: Scaling Twitter (Web 2.0 Expo, SF)
John Adams
 
Apache cassandra and spark. you got the the lighter, let's start the fire
Apache cassandra and spark. you got the the lighter, let's start the fireApache cassandra and spark. you got the the lighter, let's start the fire
Apache cassandra and spark. you got the the lighter, let's start the fire
Patrick McFadin
 
All Your IOPS Are Belong To Us - A Pinteresting Case Study in MySQL Performan...
All Your IOPS Are Belong To Us - A Pinteresting Case Study in MySQL Performan...All Your IOPS Are Belong To Us - A Pinteresting Case Study in MySQL Performan...
All Your IOPS Are Belong To Us - A Pinteresting Case Study in MySQL Performan...
Ernie Souhrada
 
Performance Tuning with Zabbix - Zabbix Conference 2014 - Andrew Nelson
Performance Tuning with Zabbix - Zabbix Conference 2014 - Andrew NelsonPerformance Tuning with Zabbix - Zabbix Conference 2014 - Andrew Nelson
Performance Tuning with Zabbix - Zabbix Conference 2014 - Andrew Nelson
Andrew Nelson
 
Mike Krieger - A Brief, Rapid History of Scaling Instagram (with a tiny team)
Mike Krieger - A Brief, Rapid History of Scaling Instagram (with a tiny team)Mike Krieger - A Brief, Rapid History of Scaling Instagram (with a tiny team)
Mike Krieger - A Brief, Rapid History of Scaling Instagram (with a tiny team)
Jean-Luc David
 
IPv6 Deployment Status in Bangladesh
IPv6 Deployment Status in BangladeshIPv6 Deployment Status in Bangladesh
IPv6 Deployment Status in Bangladesh
APNIC
 
APIX Report
APIX ReportAPIX Report
APIX Report
APNIC
 

More Related Content

What's hot

Cassandra Community Webinar | Getting Started with Apache Cassandra with Patr...
Cassandra Community Webinar | Getting Started with Apache Cassandra with Patr...Cassandra Community Webinar | Getting Started with Apache Cassandra with Patr...
Cassandra Community Webinar | Getting Started with Apache Cassandra with Patr...
DataStax Academy
 
Monitoring Cassandra with Riemann
Monitoring Cassandra with RiemannMonitoring Cassandra with Riemann
Monitoring Cassandra with Riemann
Patricia Gorla
 
Riak Search - Berlin Buzzwords 2010
Riak Search - Berlin Buzzwords 2010Riak Search - Berlin Buzzwords 2010
Riak Search - Berlin Buzzwords 2010
Rusty Klophaus
 
Spark cassandra connector.API, Best Practices and Use-Cases
Spark cassandra connector.API, Best Practices and Use-CasesSpark cassandra connector.API, Best Practices and Use-Cases
Spark cassandra connector.API, Best Practices and Use-Cases
Duyhai Doan
 
Riak - From Small to Large
Riak - From Small to LargeRiak - From Small to Large
Riak - From Small to Large
Rusty Klophaus
 
Maximum Overdrive: Tuning the Spark Cassandra Connector (Russell Spitzer, Dat...
Maximum Overdrive: Tuning the Spark Cassandra Connector (Russell Spitzer, Dat...Maximum Overdrive: Tuning the Spark Cassandra Connector (Russell Spitzer, Dat...
Maximum Overdrive: Tuning the Spark Cassandra Connector (Russell Spitzer, Dat...
DataStax
 
Migration Best Practices: From RDBMS to Cassandra without a Hitch
Migration Best Practices: From RDBMS to Cassandra without a HitchMigration Best Practices: From RDBMS to Cassandra without a Hitch
Migration Best Practices: From RDBMS to Cassandra without a Hitch
DataStax Academy
 
SparkSQL et Cassandra - Tool In Action Devoxx 2015
SparkSQL et Cassandra - Tool In Action Devoxx 2015 SparkSQL et Cassandra - Tool In Action Devoxx 2015
SparkSQL et Cassandra - Tool In Action Devoxx 2015
Alexander DEJANOVSKI
 
Grid Middleware – Principles, Practice and Potential
Grid Middleware – Principles, Practice and PotentialGrid Middleware – Principles, Practice and Potential
Grid Middleware – Principles, Practice and Potential
Paul Brebner
 
Grid middleware is easy to install, configure, secure, debug and manage acros...
Grid middleware is easy to install, configure, secure, debug and manage acros...Grid middleware is easy to install, configure, secure, debug and manage acros...
Grid middleware is easy to install, configure, secure, debug and manage acros...
Paul Brebner
 
Cassandra Silicon Valley
Cassandra Silicon ValleyCassandra Silicon Valley
Cassandra Silicon Valley
Christopher Keller
 
Introduction to cassandra 2014
Introduction to cassandra 2014Introduction to cassandra 2014
Introduction to cassandra 2014
Patrick McFadin
 
Zero to Streaming: Spark and Cassandra
Zero to Streaming: Spark and CassandraZero to Streaming: Spark and Cassandra
Zero to Streaming: Spark and Cassandra
Russell Spitzer
 
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014
grecsl
 
Managing your black friday logs - Code Europe
Managing your black friday logs - Code EuropeManaging your black friday logs - Code Europe
Managing your black friday logs - Code Europe
David Pilato
 
Billions of hits: Scaling Twitter (Web 2.0 Expo, SF)
Billions of hits: Scaling Twitter (Web 2.0 Expo, SF)Billions of hits: Scaling Twitter (Web 2.0 Expo, SF)
Billions of hits: Scaling Twitter (Web 2.0 Expo, SF)
John Adams
 
Apache cassandra and spark. you got the the lighter, let's start the fire
Apache cassandra and spark. you got the the lighter, let's start the fireApache cassandra and spark. you got the the lighter, let's start the fire
Apache cassandra and spark. you got the the lighter, let's start the fire
Patrick McFadin
 
All Your IOPS Are Belong To Us - A Pinteresting Case Study in MySQL Performan...
All Your IOPS Are Belong To Us - A Pinteresting Case Study in MySQL Performan...All Your IOPS Are Belong To Us - A Pinteresting Case Study in MySQL Performan...
All Your IOPS Are Belong To Us - A Pinteresting Case Study in MySQL Performan...
Ernie Souhrada
 
Performance Tuning with Zabbix - Zabbix Conference 2014 - Andrew Nelson
Performance Tuning with Zabbix - Zabbix Conference 2014 - Andrew NelsonPerformance Tuning with Zabbix - Zabbix Conference 2014 - Andrew Nelson
Performance Tuning with Zabbix - Zabbix Conference 2014 - Andrew Nelson
Andrew Nelson
 
Mike Krieger - A Brief, Rapid History of Scaling Instagram (with a tiny team)
Mike Krieger - A Brief, Rapid History of Scaling Instagram (with a tiny team)Mike Krieger - A Brief, Rapid History of Scaling Instagram (with a tiny team)
Mike Krieger - A Brief, Rapid History of Scaling Instagram (with a tiny team)
Jean-Luc David
 

What's hot (20)

Cassandra Community Webinar | Getting Started with Apache Cassandra with Patr...
Cassandra Community Webinar | Getting Started with Apache Cassandra with Patr...Cassandra Community Webinar | Getting Started with Apache Cassandra with Patr...
Cassandra Community Webinar | Getting Started with Apache Cassandra with Patr...
 
Monitoring Cassandra with Riemann
Monitoring Cassandra with RiemannMonitoring Cassandra with Riemann
Monitoring Cassandra with Riemann
 
Riak Search - Berlin Buzzwords 2010
Riak Search - Berlin Buzzwords 2010Riak Search - Berlin Buzzwords 2010
Riak Search - Berlin Buzzwords 2010
 
Spark cassandra connector.API, Best Practices and Use-Cases
Spark cassandra connector.API, Best Practices and Use-CasesSpark cassandra connector.API, Best Practices and Use-Cases
Spark cassandra connector.API, Best Practices and Use-Cases
 
Riak - From Small to Large
Riak - From Small to LargeRiak - From Small to Large
Riak - From Small to Large
 
Maximum Overdrive: Tuning the Spark Cassandra Connector (Russell Spitzer, Dat...
Maximum Overdrive: Tuning the Spark Cassandra Connector (Russell Spitzer, Dat...Maximum Overdrive: Tuning the Spark Cassandra Connector (Russell Spitzer, Dat...
Maximum Overdrive: Tuning the Spark Cassandra Connector (Russell Spitzer, Dat...
 
Migration Best Practices: From RDBMS to Cassandra without a Hitch
Migration Best Practices: From RDBMS to Cassandra without a HitchMigration Best Practices: From RDBMS to Cassandra without a Hitch
Migration Best Practices: From RDBMS to Cassandra without a Hitch
 
SparkSQL et Cassandra - Tool In Action Devoxx 2015
SparkSQL et Cassandra - Tool In Action Devoxx 2015 SparkSQL et Cassandra - Tool In Action Devoxx 2015
SparkSQL et Cassandra - Tool In Action Devoxx 2015
 
Grid Middleware – Principles, Practice and Potential
Grid Middleware – Principles, Practice and PotentialGrid Middleware – Principles, Practice and Potential
Grid Middleware – Principles, Practice and Potential
 
Grid middleware is easy to install, configure, secure, debug and manage acros...
Grid middleware is easy to install, configure, secure, debug and manage acros...Grid middleware is easy to install, configure, secure, debug and manage acros...
Grid middleware is easy to install, configure, secure, debug and manage acros...
 
Cassandra Silicon Valley
Cassandra Silicon ValleyCassandra Silicon Valley
Cassandra Silicon Valley
 
Introduction to cassandra 2014
Introduction to cassandra 2014Introduction to cassandra 2014
Introduction to cassandra 2014
 
Zero to Streaming: Spark and Cassandra
Zero to Streaming: Spark and CassandraZero to Streaming: Spark and Cassandra
Zero to Streaming: Spark and Cassandra
 
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014
 
Managing your black friday logs - Code Europe
Managing your black friday logs - Code EuropeManaging your black friday logs - Code Europe
Managing your black friday logs - Code Europe
 
Billions of hits: Scaling Twitter (Web 2.0 Expo, SF)
Billions of hits: Scaling Twitter (Web 2.0 Expo, SF)Billions of hits: Scaling Twitter (Web 2.0 Expo, SF)
Billions of hits: Scaling Twitter (Web 2.0 Expo, SF)
 
Apache cassandra and spark. you got the the lighter, let's start the fire
Apache cassandra and spark. you got the the lighter, let's start the fireApache cassandra and spark. you got the the lighter, let's start the fire
Apache cassandra and spark. you got the the lighter, let's start the fire
 
All Your IOPS Are Belong To Us - A Pinteresting Case Study in MySQL Performan...
All Your IOPS Are Belong To Us - A Pinteresting Case Study in MySQL Performan...All Your IOPS Are Belong To Us - A Pinteresting Case Study in MySQL Performan...
All Your IOPS Are Belong To Us - A Pinteresting Case Study in MySQL Performan...
 
Performance Tuning with Zabbix - Zabbix Conference 2014 - Andrew Nelson
Performance Tuning with Zabbix - Zabbix Conference 2014 - Andrew NelsonPerformance Tuning with Zabbix - Zabbix Conference 2014 - Andrew Nelson
Performance Tuning with Zabbix - Zabbix Conference 2014 - Andrew Nelson
 
Mike Krieger - A Brief, Rapid History of Scaling Instagram (with a tiny team)
Mike Krieger - A Brief, Rapid History of Scaling Instagram (with a tiny team)Mike Krieger - A Brief, Rapid History of Scaling Instagram (with a tiny team)
Mike Krieger - A Brief, Rapid History of Scaling Instagram (with a tiny team)
 

Viewers also liked

IPv6 Deployment Status in Bangladesh
IPv6 Deployment Status in BangladeshIPv6 Deployment Status in Bangladesh
IPv6 Deployment Status in Bangladesh
APNIC
 
APIX Report
APIX ReportAPIX Report
APIX Report
APNIC
 
IPv6 Deployment: Case of Sudan/SudREN
IPv6 Deployment: Case of Sudan/SudRENIPv6 Deployment: Case of Sudan/SudREN
IPv6 Deployment: Case of Sudan/SudREN
APNIC
 
APRICOT 2017 conference network
APRICOT 2017 conference networkAPRICOT 2017 conference network
APRICOT 2017 conference network
APNIC
 
APNIC 43 Vote of Thanks
APNIC 43 Vote of ThanksAPNIC 43 Vote of Thanks
APNIC 43 Vote of Thanks
APNIC
 
IPv6 Readiness Measurement BoF Report
IPv6 Readiness Measurement BoF ReportIPv6 Readiness Measurement BoF Report
IPv6 Readiness Measurement BoF Report
APNIC
 
DMARC and mailing list
DMARC and mailing listDMARC and mailing list
DMARC and mailing list
APNIC
 
Apply SDN/NFV for MobiFone Network
Apply SDN/NFV for MobiFone NetworkApply SDN/NFV for MobiFone Network
Apply SDN/NFV for MobiFone Network
APNIC
 
MPLS L3 VPN Deployment
MPLS L3 VPN DeploymentMPLS L3 VPN Deployment
MPLS L3 VPN Deployment
APNIC
 
The Age of Data-Driven Network Operations
The Age of Data-Driven Network OperationsThe Age of Data-Driven Network Operations
The Age of Data-Driven Network Operations
APNIC
 
The trend stats of routing table at JPIX route servers
The trend stats of routing table at JPIX route serversThe trend stats of routing table at JPIX route servers
The trend stats of routing table at JPIX route servers
APNIC
 
IPv6 at FPT Telecom
IPv6 at FPT TelecomIPv6 at FPT Telecom
IPv6 at FPT Telecom
APNIC
 
Myanmar IP Data Network
Myanmar IP Data NetworkMyanmar IP Data Network
Myanmar IP Data Network
APNIC
 
APNIC 44 Update
APNIC 44 UpdateAPNIC 44 Update
APNIC 44 Update
APNIC
 
Policy SIG Report
Policy SIG ReportPolicy SIG Report
Policy SIG Report
APNIC
 
FreeRangeRouting - A new Quagga fork with more open development
FreeRangeRouting - A new Quagga fork with more open developmentFreeRangeRouting - A new Quagga fork with more open development
FreeRangeRouting - A new Quagga fork with more open development
APNIC
 
BGP Shutdown Communication
BGP Shutdown CommunicationBGP Shutdown Communication
BGP Shutdown Communication
APNIC
 
Unknown Unicast Traffic and Ping Pollers
Unknown Unicast Traffic and Ping PollersUnknown Unicast Traffic and Ping Pollers
Unknown Unicast Traffic and Ping Pollers
APNIC
 
JANOG Update
JANOG UpdateJANOG Update
JANOG Update
APNIC
 
India IPv6 Measurement
India IPv6 MeasurementIndia IPv6 Measurement
India IPv6 Measurement
APNIC
 

Viewers also liked (20)

IPv6 Deployment Status in Bangladesh
IPv6 Deployment Status in BangladeshIPv6 Deployment Status in Bangladesh
IPv6 Deployment Status in Bangladesh
 
APIX Report
APIX ReportAPIX Report
APIX Report
 
IPv6 Deployment: Case of Sudan/SudREN
IPv6 Deployment: Case of Sudan/SudRENIPv6 Deployment: Case of Sudan/SudREN
IPv6 Deployment: Case of Sudan/SudREN
 
APRICOT 2017 conference network
APRICOT 2017 conference networkAPRICOT 2017 conference network
APRICOT 2017 conference network
 
APNIC 43 Vote of Thanks
APNIC 43 Vote of ThanksAPNIC 43 Vote of Thanks
APNIC 43 Vote of Thanks
 
IPv6 Readiness Measurement BoF Report
IPv6 Readiness Measurement BoF ReportIPv6 Readiness Measurement BoF Report
IPv6 Readiness Measurement BoF Report
 
DMARC and mailing list
DMARC and mailing listDMARC and mailing list
DMARC and mailing list
 
Apply SDN/NFV for MobiFone Network
Apply SDN/NFV for MobiFone NetworkApply SDN/NFV for MobiFone Network
Apply SDN/NFV for MobiFone Network
 
MPLS L3 VPN Deployment
MPLS L3 VPN DeploymentMPLS L3 VPN Deployment
MPLS L3 VPN Deployment
 
The Age of Data-Driven Network Operations
The Age of Data-Driven Network OperationsThe Age of Data-Driven Network Operations
The Age of Data-Driven Network Operations
 
The trend stats of routing table at JPIX route servers
The trend stats of routing table at JPIX route serversThe trend stats of routing table at JPIX route servers
The trend stats of routing table at JPIX route servers
 
IPv6 at FPT Telecom
IPv6 at FPT TelecomIPv6 at FPT Telecom
IPv6 at FPT Telecom
 
Myanmar IP Data Network
Myanmar IP Data NetworkMyanmar IP Data Network
Myanmar IP Data Network
 
APNIC 44 Update
APNIC 44 UpdateAPNIC 44 Update
APNIC 44 Update
 
Policy SIG Report
Policy SIG ReportPolicy SIG Report
Policy SIG Report
 
FreeRangeRouting - A new Quagga fork with more open development
FreeRangeRouting - A new Quagga fork with more open developmentFreeRangeRouting - A new Quagga fork with more open development
FreeRangeRouting - A new Quagga fork with more open development
 
BGP Shutdown Communication
BGP Shutdown CommunicationBGP Shutdown Communication
BGP Shutdown Communication
 
Unknown Unicast Traffic and Ping Pollers
Unknown Unicast Traffic and Ping PollersUnknown Unicast Traffic and Ping Pollers
Unknown Unicast Traffic and Ping Pollers
 
JANOG Update
JANOG UpdateJANOG Update
JANOG Update
 
India IPv6 Measurement
India IPv6 MeasurementIndia IPv6 Measurement
India IPv6 Measurement
 

Similar to NAT64/DNS64 experiments, warnings and one useful tool

Critical Attributes for a High-Performance, Low-Latency Database
Critical Attributes for a High-Performance, Low-Latency DatabaseCritical Attributes for a High-Performance, Low-Latency Database
Critical Attributes for a High-Performance, Low-Latency Database
ScyllaDB
 
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)
Dan York
 
IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73
APNIC
 
NameNode Analytics - Querying HDFS Namespace in Real Time
NameNode Analytics - Querying HDFS Namespace in Real TimeNameNode Analytics - Querying HDFS Namespace in Real Time
NameNode Analytics - Querying HDFS Namespace in Real Time
Plamen Jeliazkov
 
Challenges To Deploying New DNSSEC Cryptographic Algorithms
Challenges To Deploying New DNSSEC Cryptographic AlgorithmsChallenges To Deploying New DNSSEC Cryptographic Algorithms
Challenges To Deploying New DNSSEC Cryptographic Algorithms
Deploy360 Programme (Internet Society)
 
Essential Data Engineering for Data Scientist
Essential Data Engineering for Data Scientist Essential Data Engineering for Data Scientist
Essential Data Engineering for Data Scientist
SoftServe
 
The Past, Present, and Future of Hadoop at LinkedIn
The Past, Present, and Future of Hadoop at LinkedInThe Past, Present, and Future of Hadoop at LinkedIn
The Past, Present, and Future of Hadoop at LinkedIn
Carl Steinbach
 
Using Deep Learning to do Real-Time Scoring in Practical Applications - 2015-...
Using Deep Learning to do Real-Time Scoring in Practical Applications - 2015-...Using Deep Learning to do Real-Time Scoring in Practical Applications - 2015-...
Using Deep Learning to do Real-Time Scoring in Practical Applications - 2015-...
Greg Makowski
 
IPv6 Troubleshooting for Helpdesks
IPv6 Troubleshooting for HelpdesksIPv6 Troubleshooting for Helpdesks
IPv6 Troubleshooting for Helpdesks
Deploy360 Programme (Internet Society)
 
Big Data Analytics with Spark
Big Data Analytics with SparkBig Data Analytics with Spark
Big Data Analytics with Spark
DataStax Academy
 
Simpler, faster, cheaper Enterprise Apps using only Spring Boot on GCP
Simpler, faster, cheaper Enterprise Apps using only Spring Boot on GCPSimpler, faster, cheaper Enterprise Apps using only Spring Boot on GCP
Simpler, faster, cheaper Enterprise Apps using only Spring Boot on GCP
Daniel Zivkovic
 
IPv6 Greenfield
IPv6 Greenfield IPv6 Greenfield
IPv6 Greenfield
Bangladesh Network Operators Group
 
THOTCON - The War over your DNS Queries
THOTCON - The War over your DNS QueriesTHOTCON - The War over your DNS Queries
THOTCON - The War over your DNS Queries
John Bambenek
 
Rails Conf Europe 2007 Notes
Rails Conf Europe 2007 NotesRails Conf Europe 2007 Notes
Rails Conf Europe 2007 NotesRoss Lawley
 
Provisioning Servers Made Easy
Provisioning Servers Made EasyProvisioning Servers Made Easy
Provisioning Servers Made Easy
All Things Open
 
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Berlin 2017
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Berlin 2017Monitoring Big Data Systems Done "The Simple Way" - Codemotion Berlin 2017
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Berlin 2017
Demi Ben-Ari
 
Avoiding big data antipatterns
Avoiding big data antipatternsAvoiding big data antipatterns
Avoiding big data antipatterns
grepalex
 

Similar to NAT64/DNS64 experiments, warnings and one useful tool (20)

Critical Attributes for a High-Performance, Low-Latency Database
Critical Attributes for a High-Performance, Low-Latency DatabaseCritical Attributes for a High-Performance, Low-Latency Database
Critical Attributes for a High-Performance, Low-Latency Database
 
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)
 
IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73IPv6 and the DNS, RIPE 73
IPv6 and the DNS, RIPE 73
 
NameNode Analytics - Querying HDFS Namespace in Real Time
NameNode Analytics - Querying HDFS Namespace in Real TimeNameNode Analytics - Querying HDFS Namespace in Real Time
NameNode Analytics - Querying HDFS Namespace in Real Time
 
Challenges To Deploying New DNSSEC Cryptographic Algorithms
Challenges To Deploying New DNSSEC Cryptographic AlgorithmsChallenges To Deploying New DNSSEC Cryptographic Algorithms
Challenges To Deploying New DNSSEC Cryptographic Algorithms
 
Essential Data Engineering for Data Scientist
Essential Data Engineering for Data Scientist Essential Data Engineering for Data Scientist
Essential Data Engineering for Data Scientist
 
LinkedIn
LinkedInLinkedIn
LinkedIn
 
The Past, Present, and Future of Hadoop at LinkedIn
The Past, Present, and Future of Hadoop at LinkedInThe Past, Present, and Future of Hadoop at LinkedIn
The Past, Present, and Future of Hadoop at LinkedIn
 
Using Deep Learning to do Real-Time Scoring in Practical Applications - 2015-...
Using Deep Learning to do Real-Time Scoring in Practical Applications - 2015-...Using Deep Learning to do Real-Time Scoring in Practical Applications - 2015-...
Using Deep Learning to do Real-Time Scoring in Practical Applications - 2015-...
 
RP11_XaviertTorrentGorjon
RP11_XaviertTorrentGorjonRP11_XaviertTorrentGorjon
RP11_XaviertTorrentGorjon
 
IPv6 Troubleshooting for Helpdesks
IPv6 Troubleshooting for HelpdesksIPv6 Troubleshooting for Helpdesks
IPv6 Troubleshooting for Helpdesks
 
Big Data Analytics with Spark
Big Data Analytics with SparkBig Data Analytics with Spark
Big Data Analytics with Spark
 
Simpler, faster, cheaper Enterprise Apps using only Spring Boot on GCP
Simpler, faster, cheaper Enterprise Apps using only Spring Boot on GCPSimpler, faster, cheaper Enterprise Apps using only Spring Boot on GCP
Simpler, faster, cheaper Enterprise Apps using only Spring Boot on GCP
 
IPv6 Greenfield
IPv6 Greenfield IPv6 Greenfield
IPv6 Greenfield
 
THOTCON - The War over your DNS Queries
THOTCON - The War over your DNS QueriesTHOTCON - The War over your DNS Queries
THOTCON - The War over your DNS Queries
 
Rails Conf Europe 2007 Notes
Rails Conf Europe 2007 NotesRails Conf Europe 2007 Notes
Rails Conf Europe 2007 Notes
 
Provisioning Servers Made Easy
Provisioning Servers Made EasyProvisioning Servers Made Easy
Provisioning Servers Made Easy
 
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Berlin 2017
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Berlin 2017Monitoring Big Data Systems Done "The Simple Way" - Codemotion Berlin 2017
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Berlin 2017
 
Ad disasters & how to prevent them
Ad disasters & how to prevent themAd disasters & how to prevent them
Ad disasters & how to prevent them
 
Avoiding big data antipatterns
Avoiding big data antipatternsAvoiding big data antipatterns
Avoiding big data antipatterns
 

More from APNIC

APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC
 
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
APNIC
 
APNIC Updates presented by Paul Wilson at CaribNOG 27
APNIC Updates presented by Paul Wilson at CaribNOG 27APNIC Updates presented by Paul Wilson at CaribNOG 27
APNIC Updates presented by Paul Wilson at CaribNOG 27
APNIC
 
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
APNIC
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
APNIC
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
APNIC
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
APNIC
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
APNIC
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
APNIC
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
APNIC
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
APNIC
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
APNIC
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
APNIC
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
APNIC
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
APNIC
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
APNIC
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APNIC
 

More from APNIC (20)

APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
 
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
 
APNIC Updates presented by Paul Wilson at CaribNOG 27
APNIC Updates presented by Paul Wilson at CaribNOG 27APNIC Updates presented by Paul Wilson at CaribNOG 27
APNIC Updates presented by Paul Wilson at CaribNOG 27
 
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
 

Recently uploaded

一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
keoku
 
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
CIOWomenMagazine
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Brad Spiegel Macon GA
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
Arif0071
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
uehowe
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
ufdana
 
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfMeet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Florence Consulting
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
Laura Szabó
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
Rogerio Filho
 
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
ysasp1
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
fovkoyb
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
3ipehhoa
 
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
zyfovom
 
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
cuobya
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
zoowe
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
Javier Lasa
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
3ipehhoa
 
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
vmemo1
 
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
cuobya
 
Search Result Showing My Post is Now Buried
Search Result Showing My Post is Now BuriedSearch Result Showing My Post is Now Buried
Search Result Showing My Post is Now Buried
Trish Parr
 

Recently uploaded (20)

一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
 
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
 
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfMeet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
 
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
 
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
 
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
 
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
 
Search Result Showing My Post is Now Buried
Search Result Showing My Post is Now BuriedSearch Result Showing My Post is Now Buried
Search Result Showing My Post is Now Buried
 

NAT64/DNS64 experiments, warnings and one useful tool

  • 1. NAT64/DNS64 real life experiments, warnings and also one useful tool ...from go6lab.si and IPv6-lab.net Brought to you by: Jan Žorž Sander Steffann zorz@isoc.org sander@steffann.nl
  • 2. Problem statement and real world status (Six Degrees of Inner Turbulence) IPv6 and IPv4 are incompatible on the wire. • We need transition and translation mechanisms between the two protocols • Mobile operators are massively switching devices to IPv6-only connectivity • millions of users • using 464XLAT (Android) or plain NAT64 (Apple) as a transition tool to access IPv4 content • Some people do weird stuff while adding AAAA to their DNS records • Important questions: • Do content providers know how their content will be seen from such environments? • Do connectivity providers know what their users’ experience on IPv6-only would be?
  • 3. Credits, acknowledgments and supporters (Metropolis, Pt. 1: The Miracle and the Sleeper) Projects like this and all the massive amount of work cannot be performed without great support of people and companies that we work with: Internet Society - for Jan’s working time and funding of the numerous travels where we got the idea of the IPv6 issues while talking to operators and also future travels where we’ll talk about this topic (we are here, aren’t we? :) ) Go6 Institute Slovenia - for funding and running the Go6lab where we got connectivity, HW, SW and place to experiment with all this things IPv6 SJM Steffann for Sander’s working time, coding skills, massive energy and also HW/SW in their ipv6-lab.net to make this tool redundant. Corinne Pritchard for a lovely design of a tool’s front-end. Hugs :)
  • 4. Go6lab NAT64/DNS64 public test-bed (The Test That Stumped Them All) Aimed at everyone who would like to test NAT64/DNS64 functionality 4 different implementations, 4 different instructions how to direct traffic there Used by operators Testing the idea of providing NAT64/DNS64 and/or 464XLAT to their users Used by application providers To see how their apps works in NAT64/DNS64 environment Used by HW/SW vendors Testing their solutions against multiple NAT64 vendors Gained quite some traction and momentum this days Instructions: https://go6lab.si/current-ipv6-tests/nat64dns64-public-test/
  • 7. Go6lab NAT64/DNS64 test-bed HW/SW (Systematic Chaos)
  • 8. Some DNS admins put “crap” in AAAA records (The Enemy Inside) Have you ever seen any of this values for AAAA record? :: ::1 ::ffff:[IPv4_addr] fe80::[some_value] 64:ff9b::[some_value] 2001:DB8::[some_value] If you have seen something like this and you know who did it, talk to that people and tell them to fix it. This sort of thing isn’t useful to anybody and severely impacts user experience. More: http://www.employees.org/~dwing/aaaa-stats/ (courtesy of Dan Wing)
  • 9. Causing confusion with or without www (Breaking All Illusions) sander@MacPro:~$ host www.firstinsight.com www.firstinsight.com is an alias for 160569.group19.sites.hubspot.net. 160569.group19.sites.hubspot.net is an alias for cos2mdc.hubspot.net.mdc.edgesuite.net. cos2mdc.hubspot.net.mdc.edgesuite.net is an alias for a1711.b.akamai.net. a1711.b.akamai.net has address 88.221.254.18 a1711.b.akamai.net has address 88.221.254.10 sander@MacPro:~$ host firstinsight.com firstinsight.com has IPv6 address :: firstinsight.com mail is handled by 10 mx1.emailsrvr.com. firstinsight.com mail is handled by 20 mx2.emailsrvr.com.
  • 10. When deploying in real life you need “fixes” (Build Me Up, Break Me Down) So, what can we do about it? We can figure out who this people are, contact them, warn them about the issue, educate them and ask them to fix the problem. Remember: If you are not part of solution, you are part of the problem. At the same time we can protect our users from bad user experience and set the “exclude” rules in our DNS64 servers. IANA allocated 2000::/3 as global unicast address pool, so whatever else is used in AAAA - it’s by default bogus and we can safely ignore that.
  • 11. When deploying in real life you need “fixes” (Stream of Consciousness) BIND9 example of DNS64 configuration in go6lab: dns64 2001:67c:27e4:64::/96 { clients { any; }; mapped { !rfc1918; any; }; exclude { 0::/3; 4000::/2; 8000::/1; 2001:DB8::/32; }; break-dnssec yes; }; Explanation of “exclude” configuration parameter: If DNS64 server gets an AAAA record with a value of anything outside 2000::/3 - it ignores it and synthesizes the AAAA record from NAT64_prefix::IPv4_address
  • 12. When deploying in real life you need “fixes” (Moment Of Betrayal) This fixes the most common errors and keeps your users relatively safe from bad user experience when using 464XLAT and NAT64 This also prevent issues when AAAA record contains an IPv6 documentation prefix, that is inside 2000::/3 block. “Break-dnssec yes” configuration directive: By default, DNS64 module does not process queries that request DNSSEC data (DO = 1) or that have DNSSEC RRs in the answer. Setting break-dnssec yes will override this default and cause policy processing on all DNSSEC queries. However, the constructed response will not have any DNSSEC records added and therefore cannot be verified by the client (it may have the unintended consequence of looking like a bogus response or even an injection attack to the client).
  • 15. When deploying in real life you need “fixes” (Stream of Consciousness) Unbound example of DNS64 configuration in go6lab: server: module-config: "dns64 validator iterator" dns64-prefix: 2001:67c:27e4:64::0/96 private-address: 0::/3 private-address: 4000::/2 private-address: 8000::/1 private-address: 2001:DB8::/32 # private-address: 64:FF9B::/96 # private-address: ::ffff:0:0/96 # private-address: ::1/128 # private-address: ::/128 interface: 2001:67c:27e4::64
  • 16. More reading on DNS64 and DNSSEC – RFC 6147
  • 18. Oops: firewalls.com IPv4 NAT64 Still waiting for that timeout…
  • 20. Oops: firewalls.com IPv4 NAT64 Indeed, very secure, running on ::ffff:209.59.134.0…
  • 21. Good DNS, bad server: notificaciones.060.es IPv4 IPv6 and NAT64
  • 22. Good DNS, bad geolocation tool: shrani.si IPv4 IPv6 and NAT64
  • 23. No AAAA, server still confused: uc.cn IPv4 NAT64
  • 24. Good server, bad content: ebay-kleinanzeigen.de IPv4 and NAT64 IPv6
  • 25. Good server, bad content: thegatewaypundit.com IPv4 and NAT64 IPv6
  • 26. Non working AAAA record = broken NAT64 J
  • 27. Working AAAA record and IPv4-only content
  • 28. Working AAAA record and IPv4-only content
  • 29. How to test for all of these things? (The Looking Glass) There are many things to test: Test on NAT64 Test on IPv6-only Did all resources (images, stylesheets, scripts) load ok? Does it look good to the user? Do we see any pMTUd issues? One service to test them all: NAT64Check !!!
  • 30. (Caught in a web)
  • 31. (Caught in a web)
  • 34. We don’t “fix” brokenness (Lines in the Sand) For NAT64/DNS64 implementations in go6lab, we try to avoid AAAA bogus records and all our DNS64 configs are tuned like we have shown in previous slides. For NAT64 Check tool, however, we don’t exclude anything. We are trying to show how it is in reality and not mask problems. Those people, causing problems needs to find out the situation and fix it. https://nat64check.go6lab.si/ https://nat64check.ipv6-lab.net/
  • 35. How does this work? (Illumination Theory) Four servers: Management server and web interface Server with only IPv4 Server with only IPv6 Server with NAT64 Go6lab specific: All servers are virtual machines (LIX) on Proxmox 4.2 virtualization cluster IPv6-lab.net specific: All running on virtual machines (Ubuntu) on a VMware cluster Using phantomjs as a command-line browser Keep track of all loaded (or not) resources Make a screenshot when the page has loaded Compare images with each other Check for resources that could not be loaded
  • 36. How does this work? (Images and Words) IPv4-only Web client IPv6-only Web client IPv6-only + NAT64/DNS64 Web client DNS64 NAT64 IPv4 internet IPv6 internet Master and web interface
  • 37. Run the test and calculate the score (Take the Time) Enter the domain name or URL that you would like to test and submit it to the system. The process of starting all needed browsers, get the results, grab the screen and calculate/compare all the results takes some time, so please be patient.
  • 38. Run the test and calculate the score (Take the Time) You’ll see something like this for some time after you start the measurement... The system will show you when the test was requested, when test was started and will also show you the result in the same page after some time. No need to hit the “Back” button, it will happen, just give it some time. We promise. Scout’s word of honor. :)
  • 39. Wash, rinse and repeat (Lifting Shadows of a Dream) • Test your website Are you sure all the images, analytics scripts etc. load over IPv6? If you don’t have IPv6 on your server: Did you hard-code any IPv4 addresses in your HTML code? In this case NAT64/ DNS64 will fail. You might get away with it on 464XLAT, but don’t count on it. Why you don’t have IPv6 on your server yet? If things fail - make sure you are persistent enough to find the issues. There are millions of potential viewers of your content on IPv6-only connection at this precise moment, make sure you don’t mess it up and that our tool shows the 100% good result. • Test again • Repeat until your website is no longer broken • If you are fixing a DNS misconfiguration - it might take some time before our tool gets and sees the new and fixed AAAA value. DNS propagation is slow.
  • 40. Non properly working target domain = no content! (Learning To Live)
  • 41. NAT64Check code available on GITHUB (In Constant Motion) • All code is free and open and it lives on GitHub. • Feel free to use it and/or contribute: https://github.com/sjm-steffann/nat64check
  • 42. Conclusions, questions, suggestions? (Act II: Scene Eight: The Spirit Carries On) If you are content provider: test how people sees your content from different environments If you are connectivity provider: test how IPv6-only and 464XLAT/NAT64- DNS64 users sees content If both: all of the above J You might be surprised. Well, you probably will be surprised. https://nat64check.go6lab.si/ https://nat64check.ipv6-lab.net/ Jan Žorž Sander Steffann zorz@isoc.org sander@steffann.nl