Going (somewhat) IPv6 only

IPv6, DNS64, NAT64, 464XLAT and more

A while ago I decided to go IPv6 only, at least within my home network. I wanted to go entirely IPv6 only, but there are a number of issues with that:

Due to this, I have set up NAT64 + DNS64 on NixOS in my home network. The ISP setup is still the same as laid out in a previous blog post, with the Raspberry Pi replaced by an industrial PC with 4 Ethernet ports.

NAT64 + DNS64

An IPv6-only setup is easy: just send the right router advertisements into the network and the devices auto-configure. To also allow access to IPv4 addresses, NAT64 is used. NAT64 essentially maps IPv4 addresses onto an IPv6 subnet (usually 64:ff9b::/96), and the gateway NATs traffic for that subnet back to an IPv4 address. To reach IPv4-only domains, DNS64 can be used. DNS64 turns the IPv4-only response to a request into an IPv6 response mapped onto the NAT64 prefix.
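The mapping described above, as an added example that is not part of the original post: it embeds an IPv4 address into the 64:ff9b::/96 prefix, mimics the DNS64 decision, and recovers the real IPv4 destination from a firewall log line. The function names and the log format are hypothetical, the addresses are constructed from documentation ranges, and only /96 prefixes are handled.

```python
import ipaddress

# Well-known NAT64 prefix, the "usual" prefix named above.
NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def embed(ipv4, prefix=NAT64_PREFIX):
    """Map an IPv4 address into a /96 NAT64 prefix (it fills the low 32 bits)."""
    if prefix.prefixlen != 96:
        raise ValueError("this sketch only handles /96 prefixes")
    v4 = ipaddress.IPv4Address(ipv4)
    return str(ipaddress.IPv6Address(int(prefix.network_address) | int(v4)))


def extract(ipv6, prefix=NAT64_PREFIX):
    """Recover the IPv4 address from a NAT64-mapped address, else None."""
    addr = ipaddress.IPv6Address(ipv6)
    if prefix.prefixlen != 96 or addr not in prefix:
        return None
    return str(ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF))


def dns64_answer(a_records, aaaa_records):
    """DNS64 decision: pass native AAAA through, synthesize only if there is none."""
    if aaaa_records:
        return list(aaaa_records)
    return [embed(a) for a in a_records]


def annotate(log_line):
    """Append the real IPv4 destination to a log line that has a NAT64 address."""
    for token in log_line.split():
        candidate = token.split("=", 1)[-1]  # accepts "dst=<addr>" or a bare address
        try:
            v4 = extract(candidate)
        except ValueError:  # token is not an IPv6 address
            continue
        if v4:
            return f"{log_line} nat64_dst={v4}"
    return log_line


if __name__ == "__main__":
    # Constructed sample log line (hypothetical format).
    print(annotate("ACCEPT src=2001:db8:1::10 dst=64:ff9b::c633:6407 dport=443"))
```

Decoding the low 32 bits this way is useful when reviewing gateway logs, since IPv4 block lists and reputation lookups need the original address rather than the mapped one.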

On Linux, setting up NAT64 is very easy: jool is a great tool and the basic setup is simple. For my NixOS config, one line is enough to get the basics working:

networking.jool.enable = true;

In theory this is enough to turn off any DHCP servers in the network, with one catch: applications that only work in IPv4 environments.

464XLAT

Client-side translation (CLAT, Customer-side transLATor) is sometimes necessary in an IPv6-only environment for various reasons, e.g. hardcoded IPv4 addresses in applications. This is also what many mobile internet providers do. CLAT is implemented, for example, in Android, Windows 10, Windows 11, macOS, iOS and FreeBSD. Linux unfortunately doesn’t have a good implementation in, for example, systemd-networkd or NetworkManager. One solution that exists is clatd, which works well for the purposes of my home network. There is also the 464xlat package for OpenWrt, but that is mostly intended for gateways that provide an IPv4 subnet behind them.

Conclusion

After setting up CLAT for the applications that need it to work, everything works like a charm and most of the time I don’t even have an IPv4 address on my system. So if you can set it up in your home network and have the time, do it.