IPv6 is a fundamentally different Internet Protocol than IPv4, and IPv6-only networks cannot, by default, communicate with the IPv4 Internet. This lack of interoperability necessitates complex mechanisms for incremental deployment and for bridging networks so that non-dual-stack systems can interact with the whole Internet. NAT64 is one such bridging mechanism: a network allows IPv6-only clients to connect to the entire Internet by leveraging DNS to identify IPv4-only networks, injecting IPv6 response addresses that point to an internal gateway, and seamlessly translating the resulting connections. To date, our understanding of NAT64 deployments is limited; what little information exists is largely qualitative, taken from mailing lists and informal discussions. In this work, we present a first look at the active measurement of NAT64 deployment on the Internet, focused on deployment prevalence, configuration, and security. We measure NAT64 via two distinct large-scale measurements: 1) open resolvers on the Internet, and 2) client measurements from RIPE Atlas. For both datasets, we broadly find that despite substantial anecdotal reports of NAT64 deployment, measurable deployments are exceedingly sparse. While our measurements do not preclude the large-scale deployment of NAT64, they do point to substantial challenges in measuring deployments with our existing best-known methods. Finally, we also identify problems in NAT64 deployments, with gateways not following the RFC specification and also posing potential security risks.
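Added example, not code from the paper: the DNS64 address synthesis the abstract describes, plus the kind of check an active measurement of an open resolver would run on the AAAA answer it returns for a name that only has A records. It assumes the RFC 6052 /96 embedding and the well-known 64:ff9b::/96 prefix; the sample records are constructed.

```python
"""DNS64/NAT64 synthesis and a resolver-side detection check (added example).
Assumes RFC 6052 /96 prefixes; sample records in demo() are constructed."""
import ipaddress

# Well-known NAT64 prefix from RFC 6052; operators may use their own /96 instead.
WELL_KNOWN_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def synthesize_aaaa(ipv4: str, prefix: ipaddress.IPv6Network = WELL_KNOWN_PREFIX) -> str:
    """Return the AAAA a DNS64 resolver would hand out for an A record:
    the /96 NAT64 prefix with the IPv4 address in the low 32 bits."""
    if prefix.prefixlen != 96:
        raise ValueError("only /96 NAT64 prefixes are handled in this example")
    v6 = int(prefix.network_address) | int(ipaddress.IPv4Address(ipv4))
    return str(ipaddress.IPv6Address(v6))


def embedded_ipv4(aaaa: str) -> tuple[str, str]:
    """Split a candidate synthesized AAAA into (its /96 prefix, embedded IPv4)."""
    v6 = int(ipaddress.IPv6Address(aaaa))
    prefix = ipaddress.IPv6Network((v6 & ~0xFFFFFFFF, 96))
    return str(prefix), str(ipaddress.IPv4Address(v6 & 0xFFFFFFFF))


def detect_dns64(a_records: list[str], aaaa_records: list[str]) -> dict:
    """Compare the authoritative A answers for an A-only name with the AAAA
    answers a resolver returned for it.  An AAAA whose low 32 bits equal one of
    the real A addresses looks synthesized and reveals the gateway prefix; an
    AAAA embedding an address that is NOT in the A set is reported separately,
    since a gateway pointing clients elsewhere is the kind of non-RFC behaviour
    a measurement should flag rather than silently count as NAT64."""
    prefixes: set[str] = set()
    unexpected: list[str] = []
    for aaaa in aaaa_records:
        prefix, v4 = embedded_ipv4(aaaa)
        if v4 in a_records:
            prefixes.add(prefix)
        else:
            unexpected.append(aaaa)
    return {"dns64": bool(prefixes), "prefixes": sorted(prefixes), "unexpected": unexpected}


def demo() -> dict:
    # Constructed: an A-only name resolving to 192.0.2.1, and the AAAA a DNS64
    # resolver on the well-known prefix would synthesize for it.
    a_answers = ["192.0.2.1"]
    aaaa_answers = [synthesize_aaaa("192.0.2.1")]
    return detect_dns64(a_answers, aaaa_answers)


if __name__ == "__main__":
    print(demo())
```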