How does Dual Stack Lite (DS-Lite) work?

October 1, 2019

Transcription

In this video, Solutions Architect, Ryan Treser, discusses dual-stack lite: what it is and how it works.

AI Transcription:

Hello. Today, we’ll be learning about DS-Lite.

So what does DS-Lite? DS-Lite stands for Dual-Stack Lite? So a dual-stack environment is one that has v4 and v6 addresses in its core infrastructure.

The Lite refers to not a full dual-stack environment. This is will happen because you may not have the v4 public space to create a full dual-stack environment. So what DS-Lite allows you to do is encapsulate the v4 traffic into a v6 network.

Let me show you an example. So we have a legacy client here. That is v4 only.

It wants to talk to the v4 internet over here. We’ll say, for example, he wants to talk to the Google public DNS.

So this guy is 10.0.10, and he wants to talk to 8.8.8.8., It sends its request to its router, which of course, has a v4 address on it. This router special, because it’ll actually encapsulate the traffic into a v6 tunnel.

So let’s say for example, 1001:100 is the source. IP it will use and it will go to 2001, which will be on the A10 200.

So we’ll have the A10 here in the middle and we’ll have a v6 network and between those two.

So when the router encapsulates the traffic, we can see that kind of as a tunnel to the A10, and the v4 traffic will actually go through untouched, just wrapped up in a v6 rapper. When the A10 receives this traffic, it’ll actually decapsulation remove the v6 and because it’s a CGN A10 device, it will actually NAT the private IP of the client into a public address. Let’s say, for example, 203.1.2.3.

So this will go to a 8.8.8, Google will get the request and it will respond.

When the response comes back to this address, A10 will remember this was the original private IP address.

It’ll change it back to that and it will put it back into the tunnel. So, we’ll see this in the reverse flow.

The client router will actually decapsulate this as well, send it back to the client, and everything is done.

I hope you learned something today. Any questions, feel free to reach to A10 Networks.

Additional Resources

What is Carrier-grade NAT (CGN/CGNAT)? (Blog Post)
DDoS Attacks on IPv6 (Blog Post)

DDoS Attackers Uncovered: Understanding the DDoS Landscape

Start Your 30‑Day Free Trial

Getting to Ubiquity: The Urban and Rural Digital Divide

Product Support Overview

Find the Next Step in Your Career at A10 Networks

How does Dual Stack Lite (DS-Lite) work?

Transcription

AI Transcription:

Additional Resources

DDoS Attackers Uncovered: Understanding the DDoS Landscape

Start Your 30‑Day Free Trial

Getting to Ubiquity: The Urban and Rural Digital Divide

Product Support Overview

Find the Next Step in Your Career at A10 Networks

How does Dual Stack Lite (DS-Lite) work?

Transcription

AI Transcription:

Additional Resources

Up Next:

The Effect of DDoS Attacks on Carrier-grade NAT Devices

What is the Mirai Botnet, How to Prevent DDoS Attacks?

Seeing is believing. Schedule a live demo today.