With the growing need for IPv4 and IPv6 dual stack support, inSync supports IPv6 along with IPv4. By default, inSync Server does not support an inSync Client trying to connect using an IPv6 address. But, a Client can connect to the server using an IPv6 address, if the Client is using NAT64 enabled Microsoft DirectAccess as its VPN solution or if the server lies behind a NAT64 translator. In case of MS Direct Access, the NAT64/DNS64 gateway which is integrated with Microsoft DirectAccess, creates an IPv6 address to allow the external Client to connect to the inSync Server using an IPv6 route. Data from the IPv6 network is routed via the NAT64/DNS64 gateway which performs all the necessary translations for transferring data between the IPv6 address and IPv4 only Server.
How does it work?
Here is a description of how Microsoft DirectAccessNAT64 and DNS64 work together to provide DirectAccess users access to IPv4 machines on the corporate network:
- It all starts when the DirectAccess Client tries to connect to an application server, it sends a DNS query to the DNS64 to get the address of the application server. It is important to note that DirectAccess Clients have connectivity to the corporate network only over IPv6, therefore their DNS queries are always IPv6 DNS queries that are called “AAAA” (quad A).
- After it gets the query from the Client, the DNS64 sends two DNS queries: an IPv4 query (A query) and an IPv6 query (AAAA query) to the corporate DNS.
- If DNS64 got in response only an IPv4 address it is assumed that there is only IPv4 connectivity to this server and therefore NAT64 will have to bridge all traffic. Since the Client needs an IPv6 address DNS64 generates an IPv6 address from the IPv4 address based on the NAT64 prefix configured on the DirectAccess prefixes page.
- After the Client machine has the address of the application server, it starts sending data packets to this server. The packets are sent to the DirectAccessNAT64 since all IPv6 addresses that are included in the NAT64 prefix are routed to DirectAccess.
- NAT64 receives the data packet and tries to determine the IPv4 address that is associated with the destination IPv6 address. Then it creates a new IPv4 packet that has the same payload and sends it to the application server.
What is IPv6?
IPv6 (Internet Protocol version 6) is the latest version of the Internet Protocol that is designed to supplement and eventually be the successor of IPv4, which is the protocol predominantly in use today. IPv6 was developed by the Internet Engineering Task Force (IETF).
What’s the difference between IPv4 and IPv6?
The key difference between the versions of the protocol is that IPv6 has significantly more address space.
What are the different transition techniques for IPv6 transition?
The main transition techniques are as follows:
- Dual Stack – The network stack supports both IPv4 and IPv6.
- Tunneling – The IPv6 packets are encapsulated within IPv4 packets.
- Translation – Protocol translation between IPv4 and IPv6 is performed.
What is DirectAccess?
DirectAccess is a VPN-like technology that provides intranet connectivity to client computers when they are connected to the Internet. Unlike many traditional VPN connections, which must be initiated and terminated by explicit user action, DirectAccess connections are designed to connect automatically as soon as the computer connects to the Internet.
What is NAT64?
NAT64 is an IPv6 transition mechanism that facilitates communication between IPv6 and IPv4 hosts by using a form of network address translation (NAT). The NAT64 gateway is a translator between IPv4 and IPv6 protocols, for which it needs at least one IPv4 address and an IPv6 network segment comprising a 32-bit address space.