Implementing 464XLAT at a small WISP

We recently deployed our first half-dozen IPv6-only customers after 6+ months of testing, using 464XLAT.

It took me ages to sort all this out, so I hope someone finds this helpful. Feedback very much welcome.

https://blog.brocktice.com/2017/12/27/deploying-464xlat-for-ipv6-only-clients-on-a-small-wisp-network-with-mikrotik-routers/

If all you want to do is 464XLAT you don’t need a nameserver that supports DNS64. Just add an ipv4only.arpa zone with the appropriate AAAA records to your recursive servers.

The following provides the 464XLAT translation with the well-known NAT64 prefix.

ipv4only.arpa. SOA . . 0 0 0 0 0
ipv4only.arpa. NS .
ipv4only.arpa. AAAA 64:ff9b::192.0.0.170
ipv4only.arpa. AAAA 64:ff9b::192.0.0.171
ipv4only.arpa. A 192.0.0.170
ipv4only.arpa. A 192.0.0.171
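
How a client derives the NAT64 prefix from those AAAA answers (RFC 7050 discovery, using the RFC 6052 address layout), as an added example that is not part of the original post. The function names are illustrative, and the code covers all RFC 6052 prefix lengths, not only the /96 used in the zone above.

```python
import ipaddress

# RFC 7050 well-known IPv4 addresses published under ipv4only.arpa.
WKA = {ipaddress.IPv4Address("192.0.0.170"), ipaddress.IPv4Address("192.0.0.171")}
# RFC 6052 prefix lengths; octet 8 (the "u" octet) never carries IPv4 bits.
PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)
# AAAA records copied from the zone in the post above.
ZONE_AAAA = ["64:ff9b::192.0.0.170", "64:ff9b::192.0.0.171"]


def _slots(plen):
    """Octet positions that hold the IPv4 address for a /plen prefix."""
    return [i for i in range(plen // 8, 16) if i != 8][:4]


def embedded_v4(addr, plen):
    """Return the IPv4 address embedded in addr, assuming a /plen prefix."""
    raw = addr.packed
    return ipaddress.IPv4Address(bytes(raw[i] for i in _slots(plen)))


def discover_pref64(aaaa_records):
    """Derive the NAT64 prefix(es) from AAAA answers for ipv4only.arpa."""
    found = set()
    for text in aaaa_records:
        addr = ipaddress.IPv6Address(text)
        for plen in PREFIX_LENGTHS:
            # A well-known address at this offset means the prefix is /plen.
            if embedded_v4(addr, plen) in WKA:
                found.add(ipaddress.IPv6Network((int(addr), plen), strict=False))
    return found


def map_v4(prefix, v4):
    """Embed an IPv4 address in prefix, as a CLAT or DNS64 would."""
    raw = bytearray(prefix.network_address.packed)
    for slot, octet in zip(_slots(prefix.prefixlen), ipaddress.IPv4Address(v4).packed):
        raw[slot] = octet
    return ipaddress.IPv6Address(bytes(raw))


if __name__ == "__main__":
    for pref in discover_pref64(ZONE_AAAA):
        # 198.51.100.7 is a constructed documentation address.
        print(pref, "->", map_v4(pref, "198.51.100.7"))
```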

Nice :wink:

I’ve been doing this for some time already … and have trials with several customers (tens of thousands of customers).

Note that most of the routers that support LEDE (quite a big list) will work by default with a standard stable release.

You mention it, but we use something like this for the offload:
ethtool --offload eth0 gro off lro off
ethtool --offload eth1 gro off lro off

Also, for the DNS64, I use exclude. It can be improved also to avoid including (in the exclusion) the prefixes for transition mechanisms, such as 2001::/32, 2002::/16, etc.

dns64 64:ff9b::/96 {
    clients { any; };
    mapped { any; };
    exclude { 0::/3; 4000::/2; 8000::/1; 2001:db8::/32; };
    break-dnssec no;
};

I’ve an ID on this:

https://datatracker.ietf.org/doc/draft-palet-v6ops-464xlat-deployment/

I’m working over the next few days on a review of this, so any inputs are welcome!

Regards,
Jordi

I’ve customers who have a 1Gbit FTTH link using LEDE with NAT.

Depending on the hardware (I’m talking about Chinese-made routers which cost less than 50 USD) they easily reach 9xx Mbits. It may depend on the chipset, as some LEDE implementations take advantage of hardware NAT.

I’ve tested it myself with iperf, simulating a WAN link to traverse the router in a 2 LAN lab environment. The tests have been done using both native IPv4 and CLAT (so having only IPv6 in the WAN link).

Regular LEDE stable firmware, in most of the devices, doesn’t support hardware NAT by default, so in those cases you can reach 500-600 Mbits, again, depending on specific hardware.

So, I don’t think number of users is an issue.

Not sure if that’s responding to your question …

Regards,
Jordi

In many occasions you have MUCH better support from the OpenSource community than from vendors ….

Look at Ubiquiti and Mikrotik, supporting a very reduced set of transition mechanisms. I’ve many WISPs that have big trouble growing because of that, and you know what, at the end they reflash that “nice” hardware with LEDE, and done!

Regards,
Jordi

One reason we are using Linksys so far is their nominal support for
"open source" on their routers. I started testing with the WRT 1900ACS,
which is a bit expensive for us to be handing out to everyone. We will
be using those for customers on higher-speed plans.

Honestly, given the number of bugs we've dealt with from our other
vendors, and the lack of ability to fix (or even find) them ourselves,
I'm at least as comfortable with OpenWRT/LEDE as I am with, say, AirOS or
RouterOS deployed in our network.