Click here to load reader

JingHua Tan Jin yan Lin Weibo Li China Telecom Guangzhou Research Insititute

  • View

  • Download

Embed Size (px)


IETF 80 – v6ops Prague. Experience from NAT64 applications draft-tan-v6ops-nat64-experiences-00. JingHua Tan Jin yan Lin Weibo Li China Telecom Guangzhou Research Insititute. Test Environment. Equipment. NAT-PT device : Juniper ISG 1000. PC 终端版本: Windows 7 旗舰版. - PowerPoint PPT Presentation

Text of JingHua Tan Jin yan Lin Weibo Li China Telecom Guangzhou Research Insititute

  • JingHua TanJin yan LinWeibo LiChina TelecomGuangzhou Research InsitituteIETF 80 v6ops Prague

    Experience from NAT64 applications


  • Test Environment

  • Equipment NAT-PT deviceJuniper ISG 1000

    PCWindows 7

  • Test Results--web applications

  • Test Results--Searching EngineTest Objects: ;; Test Tools: Internet Explorer; Firefox; ChromeTest Result: When enable DNS-ALG and DNS Inhibit-AAAA-Request, browsers fails to access the websites and nslookup failover

  • Test Resultsweb mail(http)Test Object: www.189.cnTest Tools: IE, Firefox, ChromeTest Result: logging normally sending and receiving mails normally filter spam normally

  • Test Resultsweb mail(https)Test Object: Tools: IE, Firefox, ChromeTest Result: logging normally sending and receiving mails normally

  • Test Resultshttp downloadingTest Object: Test Tools: IE, Firefox, ChromeTest Result: http downloading is running regularly by domain name accessing; downloading from network hard disk is normal; downloading from the file sharing website is abnormal due to the IP address sharing problem;

  • Test ResultsVideo (web+flash)

  • Test ResultsOnline Music

  • Test Resultsblog

  • Test ResultsSNS

  • Test ResultsOnline Shopping

  • Test ResultsGoogle Map

  • Test ResultsMail Client

  • Test Results--IM

  • Test ResultsP2P

  • Test ResultsPlatform Games

  • Test Resultshttp downloadingTest Object: UUsee, PPlive, PPstreamTest Result: The tested clients can download playlists and advertisements. The problem the client cannot play the video and fail to connect to the content server.

  • Test Resultsremote loginTest Object: windows remote login, PC anywareTest Result: cannot connect to the remote desktop.

  • Test ResultsVPNTest Result: PPTP doesnt support IPv6; L2TP/IPsec support IPv6, but it cannot negotiate the Encryption key normally when passing NAT-PT server, so VPN connetion cannnot established correctly.

  • Thank you!China Telecom , Guangzhou Research InstituteQuestions?Contacts: Jinhua Tan [email protected] Yan Lin [email protected]?

    *This document discusses our experiences from deploying NAT64 devices for various Internet applications. Before the final transition to an IPv6-only network, NAT64 is one of the possible technologies which may be used to give users access to the IPv4-only parts of the Internet via an IPv6-only network. This document analyzes the testing results for a number of popular applications and describes the problems to be solved in the period of transition from IPv4 to IPv6.

    The operating system we tested was Microsoft Windows 7 and the tested applications are the currently updated version. The IPv6 prefix was delegated as 2001:c68:100:100::/64, while the global IPv6 address was configured via SLAAC. The NAT-PT device was connected to the edge router of CNGI (China Next Generation Internet). A static route was configured in this device to direct packets destined to prefix 2001: c68:100:2:: (the prefix for the IPv6 DNS server) to the NAT-PT device. In the NAT-PT device, the IPv4 addresses of the target websites or servers were mapped to global IPv6 addresses through dynamic or static mappings. When the tested terminal sent packets to these global IPv6 addresses, they were routed to the NAT-PT device which performed protocol translation and address translation. The address of IPv6 DNS server was manually configured to 2001:c68: 100:2:1::ca61:6, with the DNS-ALG enabled at the NAT-PT device. The AAAA DNS query from the terminal was transformed to an A query to the ISP's IPv4 DNS cache server via NAT-PT translation. We also implemented a dual-stack DNS cache server and added AAAA entries for the tested websites. The global IPv6 addresses of those websites are based on the NAT-PT's prefix and its IPv4 public addresses. The terminal has been setup the DNS server address as the IPv6 address of this dual-stack DNS cache server while the DNS-ALG is disabled at NAT-PT. The NAT Log information was acquired by remote monitoring. The logs contained the 5-tuple, set up time and end-up time. The traffic Log was manually exported. ***