Historically it used to be running on my local router/firewall and the pure v6 was just between my devices and that firewall. However my setup has changed considerably since then and nat64 has been moved to a VPS out of my normal network path because I got my own public v6 space. So my current setup is basically firewall -> VPN -> VPS with BGP for normal(v6) internet comms. That whole path is pure v6 and then in the same datacenter as that BGP VPS is my NAT64 VPS. Beautiful thing about NAT64 is you don’t actually need it local if you don’t want. There’s even a fully public service for free if you don’t want to setup your own and don’t mind the tradeoffs (bad latency, shared IPs, low bandwidth) https://nat64.net/.

If it goes down for some reason I just lose access to websites that don’t normally have AAAA records, which sounds like a big loss but honestly I’ve been running NAT64 in some capacity since 2019 and so over time I have sort of black balled services that don’t have v6 in favor of ones that do so very little of my normal online activity normally needs v4. I actually have packet counting on my firewall tracking the amount of data exchanged with various large services, Google, Cloudflare, etc, my NAT64 VPS is one of the things it tracks and compared to my total traffic the NAT64 traffic is a very small <10% of my normal internet usage at this point.