Feature Request - NAT64/DNS64 CGN

Please implement NAT64/DNS64 persistent Carrier Grade NAT for those of us that would prefer not to buy a giant A10Networks ThunderCGN.

TAYGA is one open source implementation. http://www.litech.org/tayga/

+1!

Some less hacky CGNAT implementation (Stateless?) would be very welcome!

+1

see also:
http://forum.mikrotik.com/t/ipv6-and-nat-how-i-changed-my-mind/100481/1
http://forum.mikrotik.com/t/nat64-and-dns64/38531/1
http://forum.mikrotik.com/t/features-request-nat64-dns64/85661/1

Internet-Uplinks going IPv6 only. Small IoT devices stick to IPv4.

+1 for NAT64. I can live with DNS64 on the powerdns recursor

Have you looked at using the web-proxy for this? I haven’t tried it but it seems like it can listen on both V6 and V4.

+1, NAT64 on MikroTik and DNS64 can be done by powerdns or bind

Maybe JooL (GPLv2) can be an interesting option instead of TAYGA to implement NAT64 or SIIT.

Jool would be an awesome addition to MikroTik. It would provide essential and critical functionality that is expected of any decent ISP router nowadays.

NAT64
SIIT
MAP-T
NPTv6

It would also provide the important 464XLAT/PLAT CPE functions that ISPs are searching for now. CPE support is basically what is stopping most ISPs from going IPv6 only on the last mile.

MikroTik + Jool with proper TR069 support, and MikroTik could be the most interesting CPE in the space. Instead, people flash ARM MikroTiks with OpenWrt to get access to features.

+1 for NAT64, NPTv6, SIIT. Very, very useful tools for v6 transitioning and new emerging markets. Having to run a NAT64 off to the side is a painful and operationally expensive measure (not to mention the capital cost associated with the commercial options).

https://www.jool.mx/en/

+1

In addition to TAYGA, another piece of software for NAT64 was found on the Internet:

https://www.jool.mx/en/index.html

Couldn’t you run Jool in Docker now?

+1 This would be a very handy thing for us to have!

Jool uses kernel modules to do its magic, so it’s unlikely. Tayga might be doable in a container.

I’d also love to see NAT64 support. Now that RouterOS 7 is out, it seems like a good opportunity to add it.

Now that v7.1 is in stable with new IPv6 stack and IPv6 NAT functionality, could you please add also NAT64 functionality?

  • Movement to NAT64 is clear as Apple has had requirement for this since 2018 for all apps. No need for more complex solutions, these can come later.
  • It would help much for re-architecting networks as IPv6 becomes mandatory in different countries.
  • It would make it possible to create and manage IPv6-only networks and save from double work of managing dual-stack.
  • AWS also recently made big enhancements to its products to enable IPv6-only networks and services and also added NAT64 functionality to its gateways.
  • As Mikrotik currently supports only DHCPv6-PD and SLAAC, some solution is needed for more meaningful IPv6 DNS-management.
  • DNS64 service is already available from CloudFlare and Google, no hurry with this.

Agree on all points. I would like to add that ipv6 fasttrack is also very much needed!

+1 to NAT64.
One that will help ipv6 adoption further

Now that there’s new IPv6 stack in place and also NATing features are progressing, how long to also get NATing from IPv6 to IPv4? Very much needed!!

IPv6 NAT is NAT66 and should be avoided completely. The point of IPv6 is to restore end-to-end principle.

NAT64 and its better sibling 464xlat are not the same thing as NAT66 aka IPv6 killer:
https://blog.apnic.net/2018/02/02/nat66-good-bad-ugly/

Some people must’ve learnt network engineering from the trash can… Smh

Kind of off topic but still useful to answer.
There are some cases where NAT66 is useful, particularly in SoHo environments where your service providers assign dynamic IAPDs. In that case, when you have internal servers, and particularly with internal DNS mappings, you don't want to have your IP addresses (prefix) suddenly changing and messing up your communications. Being able to always use fd00::/x and being able to address translate 1:1 to the prefix given by your ISP can have benefits in simplicity. Of course you can say that you can dual home internal servers with private and public addresses too.
Also there are some benefits on firewall rule management related to those IP addresses not changing.
My 2 cents.