From f87e2451a453b77b890af328669503f09796d56e Mon Sep 17 00:00:00 2001
From: Nico Schottelius <nico@nico-notebook.schottelius.org>
Date: Fri, 26 Mar 2021 12:09:27 +0100
Subject: [PATCH] ipv4 as a service

---
 .gitignore                     |  1 +
 ipv4-as-a-service-simple.dot   | 15 ++++++++
 ipv4-as-a-service.dot          | 62 +++++++++++++++++++++-------------
 ipv6-ipv4-stateful-mapping.dot | 13 +++++++
 4 files changed, 68 insertions(+), 23 deletions(-)
 create mode 100644 ipv4-as-a-service-simple.dot
 create mode 100644 ipv6-ipv4-stateful-mapping.dot

diff --git a/.gitignore b/.gitignore
index 2554b41..398c474 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 *.pdf
 *.svg
 *.jpg
+*.eps
diff --git a/ipv4-as-a-service-simple.dot b/ipv4-as-a-service-simple.dot
new file mode 100644
index 0000000..5573a6a
--- /dev/null
+++ b/ipv4-as-a-service-simple.dot
@@ -0,0 +1,15 @@
+graph G {
+    node [ shape=box, fontcolor="#ffffff", color="#40a9e3", style="filled"  ]
+    label="IPv4 as a service\n(simplified)\nby ungleich.ch"
+
+    concentrate=true
+
+    client [ label="Notebook, Desktop,\nServer, IoT device"  color="#ee1100" ]
+
+    ipv4internet [ label="IPv4 Internet" shape=oval ]
+    ipv6internet [ label="IPv6 Internet" shape=oval ]
+
+    ipv6internet--client [ label="Access via VPN"  ]
+
+    ipv4internet--client [ label="Access via NAT64 translator" ]
+}
diff --git a/ipv4-as-a-service.dot b/ipv4-as-a-service.dot
index dca1cc8..dbf3db8 100644
--- a/ipv4-as-a-service.dot
+++ b/ipv4-as-a-service.dot
@@ -1,44 +1,60 @@
 digraph G {
     node [ shape=box, fontcolor="#ffffff", color="#40a9e3", style="filled"  ]
-    label="IPv4 as a service\nby ungleich"
+    label="IPv4 as a service\nby ungleich.ch"
 
-    subgraph cluster_v6_vm {
-        label="IPv6 only VM"
-        ipv6onlyvm [ label="IPv6 only VM"  color="#ee1100" ]
-    }
+#    rankdir=LR
 
-    subgraph cluster_roadwarrior {
-        label="Roadwarrior"
+    #
 
-        notebook [ label="Notebook"  color="#ee1100" ]
-        desktop [ label="Desktop"  color="#ee1100" ]
-    }
+    # Merge double edges into single one
+#    concentrate=true
 
-    subgraph cluster_roadwarrior {
-        label="Roadwarrior"
+    # allow edges to subgraphs
+#    compound=true
 
-        notebook [ label="Notebook"  color="#ee1100" ]
-    }
+#    subgraph cluster_endpoints {
+#        label="IPv6 and IPv4 reachable hosts"
 
-    subgraph cluster_internet {
-        label="The Internet"
+        client [ label="Notebook, Desktop,\nServer, IoT device"  color="#ee1100" ]
+        // notebook [ label="Notebook"  color="#ee1100" ]
+        // desktop [ label="Desktop"  color="#ee1100" ]
+        // ipv6onlyvm [ label="IPv6 only VM"  color="#ee1100" ]
+#    }
+
+    // subgraph cluster_roadwarrior {
+    //     label="Roadwarrior"
+
+    //     notebook [ label="Notebook"  color="#ee1100" ]
+    // }
+
+#    subgraph cluster_internet {
+#        label="The Internet"
 
         ipv4internet [ label="IPv4 Internet" shape=oval ]
         ipv6internet [ label="IPv6 Internet" shape=oval ]
-    }
+#    }
 
     subgraph cluster_dcl {
         label="Data Center Light in Switzerland"
 
-        vpnserver [ label="VPN Server in\nData Center Light" ]
-
+        vpnserver [ label="VPN Server" ]
+        nat64t [ label="NAT64 translator (inbound)" ]
+        nat64tout [ label="NAT64 translator (outbound)" ]
     }
 
-    ipv6onlyvm->ipv6internet [ label="Connect via IPv6" ]
-    {desktop,notebook}->{ipv4internet,ipv6internet} [ label="Connect either way" ]
-    {ipv4internet,ipv6internet}->vpnserver [ label="Connect to VPN" ]
+    ipv4internet->client [ label="Access via NAT64 translator" style=dashed ]
+    ipv4internet->nat64t [ label="Access via IPv4" ]
 
-    vpnserver->{ipv6onlyvm, desktop, notebook} [ label="Route IPv4 address via VPN" ]
+    ipv6internet->client [ label="Access via IPv6" style=dashed ]
+    ipv6internet->vpnserver [ label="Access via VPN server"  ]
 
+    client->ipv4internet [ label="Access IPv4 Internet\nvia 2a0a:e5c0:1e:c001::a.b.c.d/96" style=dashed ]
+    client->nat64tout [ label="IPv4 via IPv6 access" ]
+    nat64tout->ipv4internet [ label="Translate mapped IPv4 to native IPv4" ]
+    client->vpnserver [ label="Connects to" ]
+
+    nat64t->vpnserver [ label="Translate IPv4 traffic to IPv6" ]
+
+    vpnserver->client [ label="Route IPv6 network" ]
 
 }
diff --git a/ipv6-ipv4-stateful-mapping.dot b/ipv6-ipv4-stateful-mapping.dot
new file mode 100644
index 0000000..16bf59f
--- /dev/null
+++ b/ipv6-ipv4-stateful-mapping.dot
@@ -0,0 +1,13 @@
+digraph G {
+    node [ shape=box ]
+
+    label="Stateful NAT64 for masquarading IPv6 networks"
+
+    v6net [ label="IPv6 Network\n2001:db8:0:0::/64\n(64 bit)" ]
+    v4net [ label="IPv4 Internet\n0.0.0.0/0\n(32 bit)" ]
+    nat64 [ label="NAT64 translator" ]
+
+    v6net->v4net [ label="Allow access\nfrom an IPv6 network" style=dashed ]
+    v6net->nat64 [ label="Connects to\n2001:db8:0:0:c001::/96\n(32 bit)" ]
+    nat64->v4net [ label="Squashes 2001:db8::/64 to 192.0.2.1" ]
+}