NAT64

NAT64 is an IPv6 transition mechanism that facilitates communication between IPv6 and IPv4 hosts by using a form of network address translation (NAT). The NAT64 gateway is a translator between IPv4 and IPv6 protocols,[1] for which function it needs at least one IPv4 address and an IPv6 network segment comprising a 32-bit address space.

An IPv6 client embeds the IPv4 address it wishes to communicate with using the host part of the IPv6 network segment, resulting in an IPv4-embedded IPv6 addresses (hence the 32-bit address space in the IPv6 network segment), and sends packets to the resulting address. The NAT64 gateway creates a mapping between the IPv6 and the IPv4 addresses, which may be manually configured or determined automatically.[2]

Principle of operation

NAT64 and DNS64

A simple NAT64 installation may consist of a gateway with two interfaces connected to an IPv4 network and an IPv6 network, respectively. Traffic from the IPv6 network is routed via the gateway which performs all the necessary translations for transferring packets between the two networks. However, the translation is not symmetric,[3] as the IPv6 address space is much larger than the IPv4 address space; thus, one-to-one address mapping is not possible. The gateway maintains IPv6-to-IPv4 address mapping, which may be established manually (stateless mapping) or automatically (stateful mapping) when the first packet from the IPv6 network reaches the NAT64 gateway.

Stateless translation is appropriate when a NAT64 translator is used in front of IPv4-only servers to allow them to be reached by remote IPv6-only clients. Stateful translation is suitable for deployment at the client side or at the service provider, allowing IPv6-only client hosts to reach remote IPv4-only nodes.

In general, NAT64 is designed to be used when the communication is initiated by IPv6 hosts. Some mechanisms, including static address mapping, exist to allow the inverse scenario.

Not every type of resource is accessible with NAT64. Protocols that embed IPv4 literal addresses, such as SIP and SDP, FTP, WebSocket, Skype, MSN, and any other content with IPv4 literals are excluded, but a dual-stacked web proxy allows IPv6-only clients to access even web pages with IPv4 literals in URLs. However, 464XLAT (described in RFC 6877), which uses NAT64, allows use of such protocols over IPv6-only connections. For SIP and FTP, the problem can also be solved using an ALG, or using Port Control Protocol with the PREFIX64 extension specified in RFC 7225.

Implementations

References

  1. RFC 6052, IPv6 Addressing of IPv4/IPv6 Translators, IETF Standards Track, C.Bao et al. (October 2010)
  2. RFC 6146 Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers
  3. Mavrin, Alex. "NAT64 power and limitations". Blog article. Retrieved 6 January 2014.
  4. "[Ecdysis-discuss] NAT64 in OpenBSD". Viagenie.ca. Retrieved 2014-01-31.
  5. Worldwide. "Release Notes for the Cisco ASA Series, 9.0(x) [Cisco ASA 5500-X Series Next-Generation Firewalls] - Cisco Systems". Cisco.com. Retrieved 2014-01-31.
This article is issued from Wikipedia - version of the 11/22/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.