NAT64
Encyclopedia
NAT64 is a mechanism to allow IPv6
hosts to communicate with IPv4
servers. The NAT64 server is the endpoint for at least one IPv4 address and an IPv6 network segment of 32-bits (for instance
-mapping between the IPv6 and the IPv4 address, allowing them to communicate.
The translation isn't symmetric, as IPv6 address
space is a lot larger than IPv4 address space (compare: 2128 for IPv6 and 232 for IPv4), so no one-to-one address mapping is possible. Therefore, in order to be able to perform the translation, NAT64 is required to keep the IPv6 to IPv4 address mapping. Such an address mapping is either statically configured by the system administrator (stateless translation), or (more frequently) is created automatically when the first packet from IPv6 network reaches NAT64 to be translated (stateful). After this address binding is created, packets can flow in both directions.
Stateless translation is appropriate when NAT64 translator is used in front of legacy IPv4-only servers to allow them to be reached by remote IPv6-only clients. Stateful translation is suitable for deployment at the client side or at the service provider, allowing IPv6-only client hosts to reach remote IPv4-only nodes.
In general, NAT64 is designed to be used when the communications are initiated by IPv6 hosts. Some mechanisms (including static address mapping) exist to allow the reverse.
IPv6
Internet Protocol version 6 is a version of the Internet Protocol . It is designed to succeed the Internet Protocol version 4...
hosts to communicate with IPv4
IPv4
Internet Protocol version 4 is the fourth revision in the development of the Internet Protocol and the first version of the protocol to be widely deployed. Together with IPv6, it is at the core of standards-based internetworking methods of the Internet...
servers. The NAT64 server is the endpoint for at least one IPv4 address and an IPv6 network segment of 32-bits (for instance
64:ff9b::/96, see RFC 6052, RFC 6146). The IPv6 client embeds the IPv4 address it wishes to communicate with using these bits, and sends its packets to the resulting address. The NAT64 server then creates a NATNetwork address translation
In computer networking, network address translation is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device....
-mapping between the IPv6 and the IPv4 address, allowing them to communicate.
Principle of operation
Very simplistic NAT64 setup can be thought as a network device (a router) with at least two interfaces. One of this interfaces is connected to IPv4 network, and another is connected to IPv6 network. The network configured in a way that packets from IPv6 network to the IPv4 network get routed through this router. The router itself performs all the necessary translations needed to transfer packets from IPv6 network into the IPv4 network, and vice versa.The translation isn't symmetric, as IPv6 address
IPv6 address
An Internet Protocol Version 6 address is a numerical label that is used to identify a network interface of a computer or other network node participating in an IPv6-enabled computer network....
space is a lot larger than IPv4 address space (compare: 2128 for IPv6 and 232 for IPv4), so no one-to-one address mapping is possible. Therefore, in order to be able to perform the translation, NAT64 is required to keep the IPv6 to IPv4 address mapping. Such an address mapping is either statically configured by the system administrator (stateless translation), or (more frequently) is created automatically when the first packet from IPv6 network reaches NAT64 to be translated (stateful). After this address binding is created, packets can flow in both directions.
Stateless translation is appropriate when NAT64 translator is used in front of legacy IPv4-only servers to allow them to be reached by remote IPv6-only clients. Stateful translation is suitable for deployment at the client side or at the service provider, allowing IPv6-only client hosts to reach remote IPv4-only nodes.
In general, NAT64 is designed to be used when the communications are initiated by IPv6 hosts. Some mechanisms (including static address mapping) exist to allow the reverse.
Implementations
- TAYGA, a stateless NAT64 implementation for Linux
- Ecdysis, a NAT64 gateway, includes DNS64
- Microsoft Forefront Unified Access GatewayMicrosoft Forefront Unified Access GatewayMicrosoft Forefront Unified Access Gateway , is a reverse proxy and VPN solution that provides secure remote access to corporate networks for remote employees and business partners. It is part of the Microsoft Forefront offering. It incorporates various remote access technologies such as reverse...
, a reverse proxy and VPN solution that implements DNS64 and NAT64 - Stateless Network Address Translation 64 by Cisco on ASR 1000
- Stateful NAT64 feature on a Juniper MX Series 3D Universal Edge router