...

HAProxy can proxy IPv6 to IPv4 (alternatives are Socat or the iptables tproxy module). A few simple configuration lines are enough to proxy connections between the two protocols.

...

Code Block
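# HTTP: terminate the IPv6 connection and proxy it to the IPv4 backend
listen webserver1
    bind 2001:db8:abc:123::cafe:80
    mode http
    # add X-Forwarded-For so the backend can log the original IPv6 client address
    option forwardfor
    server webserver1 192.0.2.1:80

# HTTPS: plain TCP passthrough, TLS is terminated on the backend;
# no header is added, so the backend sees only the proxy's IPv4 address as the source
listen webserver1-ssl-passthrough
    bind 2001:db8:abc:123::cafe:443
    mode tcp
    server webserver1 192.0.2.1:443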

 

Another possible implementation is NAT64, using for example Tayga (the most common stateless NAT64 daemon, http://www.litech.org/tayga/). The downside is the extra process needed on the VPC Router.

Configuration in tayga.conf is relatively simple and straightforward.

Code Block
tun-device nat64
ipv4-addr 192.168.255.1
prefix fd9f:590a:b158:ffff:ffff:ffff::/96
dynamic-pool 192.168.255.0/24
data-dir /var/spool/tayga


DNS64

DNS64 can be configured in, for example, Bind by telling it to return a special AAAA record when a client from a specific range requests the IP address of a hostname that has no AAAA record. Bind constructs this AAAA record using a prefix. When a client then tries to connect to an IP address starting with the prefix, the traffic is forwarded (through routing) to the NAT64 setup.

 

 

Code Block
dns64 2001:67c:2834:ff99::/96 {
clients { any; };
mapped { any; };
suffix ::;
recursive-only yes;
};
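
How a synthesized AAAA record maps back to an IPv4 address on the NAT64 side, as an added example that is not part of the original page or of Bind or Tayga. The function names are hypothetical, only /96 prefixes with an empty suffix are handled, and the prefixes and the address 192.0.2.1 are the sample values used on this page.

```python
import ipaddress

# Sample values taken from the configuration examples on this page
DNS64_PREFIX = "2001:67c:2834:ff99::/96"             # Bind dns64 example
TAYGA_PREFIX = "fd9f:590a:b158:ffff:ffff:ffff::/96"  # tayga.conf example


def _net96(prefix):
    """Parse a prefix and insist on /96 (IPv4 address in the last 32 bits)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 96:
        raise ValueError("only /96 prefixes are handled in this example")
    return net


def synthesize_aaaa(prefix, ipv4):
    """DNS64 side: place the IPv4 address in the low 32 bits of the prefix."""
    net = _net96(prefix)
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(net.network_address) | int(v4))


def extract_ipv4(prefix, ipv6):
    """NAT64 side: recover the IPv4 address, or None if outside the prefix."""
    net = _net96(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        return None  # not an address this translator is responsible for
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def round_trips(dns64_prefix, nat64_prefix, ipv4):
    """True if an address synthesized by DNS64 is translatable by NAT64."""
    synthesized = synthesize_aaaa(dns64_prefix, ipv4)
    recovered = extract_ipv4(nat64_prefix, synthesized)
    return recovered == ipaddress.IPv4Address(ipv4)


if __name__ == "__main__":
    aaaa = synthesize_aaaa(DNS64_PREFIX, "192.0.2.1")
    print("synthesized AAAA:", aaaa)
    print("recovered IPv4: ", extract_ipv4(DNS64_PREFIX, aaaa))
    # The two sample configs on this page use different prefixes, so an
    # address synthesized from one is not inside the other's prefix.
    print("DNS64 -> Tayga prefix:", round_trips(DNS64_PREFIX, TAYGA_PREFIX, "192.0.2.1"))
    print("matching prefixes:    ", round_trips(TAYGA_PREFIX, TAYGA_PREFIX, "192.0.2.1"))
```

Running the same round-trip check against the prefixes actually deployed confirms that the DNS64 prefix and the NAT64 prefix agree before clients start receiving synthesized records.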


 

Both NAT64 and DNS64 need more investigation.

 

Future Enhancement
  • Support for Network ACL to allow ingress/egress traffic for an external network. For this a network administration facility could be introduced in ACS (low pro)

...