NAT64 Technology: Connecting IPv6 and IPv4 Networks
Contents
What You Will Learn
Available IPv6 Transition Technologies
Figure 1. Available IPv6 Transition Techniques
Dual-Stack Network
• It requires a current network infrastructure that is capable of deploying IPv6. In many cases, however, the current network may not be ready and may require hardware and software upgrades.
• IPv6 needs to be activated on almost all the network elements. To meet this requirement, the existing network may need to be redesigned, posing business continuity challenges.
Tunneling
• Users of the new architecture cannot use the services of the underlying infrastructure.
• Tunneling does not enable users of the new protocol to communicate with users of the old protocol without dual-stack hosts, which negates interoperability.
Translation
• Translation provides a gradual migration to IPv6 by providing seamless Internet experience to greenfiled IPv6-only users, accessing IPv4 Internet services.
• Existing content providers and content enablers can provide services transparently to IPv6 Internet users by using translation technology, with little or no change in the existing network infrastructure, thus maintaining IPv4 business continuity.
Scenarios for IPv6/IPv4 Translation
Figure 2. Scenarios for IPv6/IPv4 Translation
Table 1. Translation Scenarios and Their Applicability
Scenarios for IPv6/IPv4 Translation |
Applicability |
Example |
Scenario 1: An IPv6 network to the IPv4 Internet |
• Greenfield IPv6-only network wanting to transparently access both IPv6 and existing IPv4 content
• Initiated from IPv6 hosts and network
|
• ISPs rolling out new services and networks for IPv6-only smartphones (third-generation [3G], Long-Term Evolution [LTE], etc.) handsets
• Enterprises deploying IPv6-only network
|
Scenario 2: The IPv4 Internet to an IPv6 network |
• Servers in greenfield IPv6-only network wanting to transparently serve both IPv4 and IPv6 users
• Initiated from IPv4 hosts and network
|
Upcoming or existing content providers rolling out services in IPv6-only environment |
Scenario 3: The IPv6 Internet to an IPv4 network |
• Servers in existing IPv4-only network wanting to serve IPV6 Internet users
• Initiated from IPv6 hosts and network
|
Existing content providers migrating to IPv6 and thus wanting to offer services to IPv6 Internet users as part of coexistence strategy |
Scenario 4: An IPv4 network to the IPv6 Internet |
Not a viable case in the near future; this scenario will probably occur only some time after the early stage of the IPv6/IPv4 transition |
None |
Scenario 5: An IPv6 network to an IPv4 network |
Both an IPv4 network and an IPv6 network are within the same organization |
Similar to scenario 1, catering to Intranet instead of Internet |
Scenario 6: An IPv4 network to an IPv6 network |
Same as above |
Similar to scenario 2, catering to intranet instead of Internet |
Scenario 7: The IPv6 Internet to the IPv4 Internet |
Would suffer from poor throughput |
None |
Scenario 8: The IPv4 Internet to the IPv6 Internet |
No viable translation technique to handle unlimited IPv6 address translation |
None |
Technologies Facilitating IPv6/IPv4 Translation
• Network Address Translation-Protocol Translation (NAT-PT)
• Network Address Translation 64 (NAT64)
• Stateless NAT64, defined in RFC 6145, is a translation mechanism for algorithmically mapping IPv6 addresses to IPv4 addresses, and IPv4 addresses to IPv6 addresses. Like NAT44, it does not maintain any bindings or session state while performing translation, and it supports both IPv6-initiated and IPv4-initiated communications.
• Stateful NAT64, defined in RFC 6146, is a stateful translation mechanism for translating IPv6 addresses to IPv4 addresses, and IPv4 addresses to IPv6 addresses. Like NAT44, it is called stateful because it creates or modifies bindings or session state while performing translation. It supports both IPv6-initiated and IPv4-initiated communications using static or manual mappings.
Table 2. Comparison Between Stateless and Stateful NAT64
Stateless NAT64 |
Stateful NAT64 |
1:1 translation, hence applicable for limited number of endpoints |
1: N translation, hence no constraint on the number of end points therefore, also applicable for carrier grade NAT (CGN) |
No conservation of IPv4 address |
Conserves IPv4 address |
Helps ensure end-to-end address transparency and scalability |
Uses address overloading; hence lacks end-to-end address transparency |
No state or bindings created on the translation |
State or bindings created on every unique translation |
Requires IPv4-translatable IPv6 address assignment (mandatory requirement) |
No requirement for the characteristics of IPv6 address assignment |
Requires either manual or Domain Host Configuration Protocol Version 6 (DHCPv6)-based address assignment for IPv6 hosts |
Capability to choose any mode of IPv6 address assignment: manual, DHCPv6, or stateless address autoconfiguration (SLAAC) |
Figure 3. IPv4/IPv6 Translation Scenarios
AFT Using Stateful NAT64
• IP header translation between the two address families using an algorithm defined in RFC 6145 (IP/ICMP Translation Algorithm)
• IP address translation between the two address families using an algorithm defined in RFC 6052 (IPv6 Addressing of IPv4/IPv6 Translators)
Table 3. Stateful NAT64 Terminology
Terminology |
Definition |
Well-known prefix (WKP) |
The IPv6 prefix 64:ff9b::/96, defined in RFC 6052, used for algorithmic mapping between address families.Prefix 64:ff9b::/96 is not a globally routable prefix and hence must not be used in scenario 3 |
Network-specific prefix (NSP) |
An IPv6 prefix assigned by an organization for use in algorithmic mapping between address families; it is usually carved out of the organization prefix and can be globally routable: for example, 2001:db8:cafe::/96 carved out of organization prefix 2001:db8:cafe::/48 |
IPv4-converted IPv6 addresses |
IPv6 addresses used to represent IPv4 nodes in an IPv6 network: for example, 2001:db8:cafe::c000:0201 using NSP or 64:ff9b::c000:0201 using WKP, both representing 192.0.2.1 (hex c000201) |
Providing IPv4 Internet Access to IPv6-Only Networks
Figure 4. Greenfield IPv6-Only Network
• A public IPv4 address pool is shared among several IPv6-only hosts, thus conserving IPv4 addresses.
• IPv6-only hosts can access the IPv6 Internet and network using native IPv6 transport.
• IPv6-only hosts pass through stateful NAT64 translation to access the IPv4 Internet and network. Traffic flow is initiated from the IPv6 network to reach IPv4 content.
Figure 5. Cisco ASR 1000 Series Router Translating IPv6 Traffic to IPv4 and IPv4 Traffic to IPv6
Figure 6. DNS64 Operation
Figure 7. DNS64 Synthesizing an A Record into an AAAA Record
• DNS64 AAAA response to example.com: 2001:db8:cafe::c000:0201
• IPv6 source address: 2001:db8:cafe:3::2
• IPv6 destination address: 2001:db8:cafe::c000:0201
Note: 192.0.2.1 is represented as c0000201 in hexadecimal format.
Figure 8. IP Source and Destination Address Used by IPv6-Only Host
a. Since the router is configured with 2001:db8:cafe::/96 as the stateful NAT64 prefix, it tries to match the first 96 bits of the destination IPv6 address.
b. Packets are forwarded untranslated using IPv6 routing if the IPv6 destination address does not match the configured stateful NAT64 prefix.
c. If the destination address matches the stateful NAT64 prefix, the IPv6 packet undergoes NAT64 translation (Figure 9):
i. The IPv6 header is translated into an IPv4 header.
ii. The IPv6 destination address is translated into an IPv4 address by removing the IPv6 stateful NAT64 prefix.
iii. The IPv6 source address is translated into an IPv4 address by using the configured IPv4 address pool. Depending on the NAT64 configuration, either 1:1 address translation or IPv4 address overloading is performed.
iv. Stateful NAT64 IP address translation states are created for both the source and destination IP addresses. States are created when the translation is performed for the first time; thereafter, a state is maintained until the traffic stops and the state maintenance timer expires. Subsequent IPv6 packets are translated using the NAT64 translation state created at this step.
NAT64 Translations:
tcp
192.0.2.1:80 [2001:db8:cafe::c000:0201]:80
203.0.113.1:1024 [2001:db8:cafe:3::2]:9187
Figure 9. NAT64 Translation
a. It performs a lookup and tries to determine whether a NAT64 translation state exists for the IPv4 destination address.
b. If a translation state does not exist, it discards the IPv4 packet.
c. If a translation state exists, the router performs following steps:
i. The IPv4 header is translated into an IPv6 header.
ii. The IPv4 source address is translated into an IPv6 source address by adding the IPv6 stateful NAT64 prefix.
iii. The IPv4 destination address is translated into an IPv6 address by using the existing NAT64 translation state.
Providing Services to the IPv6 Internet from Existing IPv4 Networks
• Nothing changes for the content provider's existing customers. For them, business continuity remains as usual over the IPv4 Internet.
• In addition, the content provider can provide services transparently to new IPv6-only users connected through the IPv6 Internet.
• The content provider can provide services over the IPv6 Internet with little or no change in the existing network infrastructure.
• IPv6-only hosts can access IPv4-only content transparently over native IPv6 by using stateful NAT64 translation at the content provider's edge network.
Figure 10. Providing Existing Services to the IPv6 Internet
Figure 11. Cisco ASR 1000 Series Router Translating IPv6 Traffic to IPv4 and IPv4 Traffic to IPv6
192.0.2.1 2001:db8:cafe::101
Figure 12. IP Source and Destination Address Used by IPv6-Only Host
a. The IPv6 access list should be configured allowing only the desired IPv6 packets for which static IPv6-to-IPv4 translation is preconfigured:
permit ipv6 any host 2001:db8:cafe::101
b. Since the router is configured with 2001:db8:cafe::/96 as the stateful NAT64 prefix, it tries to match the first 96 bits of the destination IPv6 address.
c. Packets are dropped if the IPv6 destination address does not match the configured stateful NAT64 prefix.
d. If the destination address matches the stateful NAT64 prefix, the IPv6 packet undergoes NAT64 translation using the static NAT64 translation created in step 1.
e. The IPv6 header is translated into an IPv4 header.
f. The IPv6 destination address is translated into an IPv4 address using the existing NAT64 translation state.
g. The IPv6 source address is translated into an IPv4 address by using the configured IPv4 address pool. Depending on the NAT64 configuration, either 1:1 address translation or IPv4 address overloading is performed.
h. States are created when the translation is performed for the first time; thereafter, a state is maintained until the traffic stops and the state maintenance timer expires. Subsequent IPv6 packets are translated using the NAT64 translation state created in this step.
NAT64 Translations:
192.0.2.1 2001:db8:cafe::101
tcp
192.0.2.1:80 [2001:db8:cafe::101]:80
203.0.113.1:1024 [2001:db8:abcd2::1]:6251
Figure 13. NAT64 Translation
a. It performs a lookup and tries to determine whether a NAT64 translation state exists for the IPv4 destination address.
b. NAT64 discards the IPv4 packet if a translation state does not exist.
c. If a translation state exists, the router performs following steps:
i. The IPv4 header is translated into an IPv6 header.
ii. The IPv4 source address is translated into an IPv6 source address using the existing NAT64 translation state.
iii. The IPv4 destination address is translated into an IPv6 address using the existing NAT64 translation state.
Providing Services to the IPv4 Internet from IPv6 Networks
• Nothing changes for the existing users in the IPv6 network; for them, business continuity remains as usual.
• Enterprises and ISPs can provide services to IPv6-only users over the IPv6 Internet and network using native IPv6 transport.
• In addition, they can provide services transparently to IPv4-only users connected through the IPv4 Internet and network.
• IPv4-only hosts can access IPv6-only contents transparently over native IPv4 by using stateful NAT64 translation at the content provider's edge network.
Figure 14. Providing Services to the Existing IPv4 Internet
Figure 15. Cisco ASR 1000 Series Router Translating IPv4 Traffic to IPv6 and IPv6 Traffic to IPv4
The following NAT64 translation state is created after static IPv4-to-IPv6 mapping is configured: nat64 v6v4 static 2001:db8:cafe:2::1 203.0.113.111. Thus, IPv6 address 2001:db8:cafe:2::1 statically disguises IPv4 address 203.0.113.111.
203.0.113.111 2001:db8:cafe:2::1
Figure 16. IP Source and Destination Address Used by IPv4-Only Host
a. The IPv4 header is translated into an IPv6 header.
b. The IPv4 destination address is translated into an IPv6 address using the existing NAT64 translation state.
c. The IPv4 source address is translated into an IPv6 source address by adding the IPv6 stateful NAT64 prefix.
a. The IPv6 header is translated into an IPv4 header.
b. The IPv6 source address is translated into an IPv4 address using the existing NAT64 translation state.
c. The IPv6 destination address is translated into an IPv4 destination address by removing the IPv6 stateful NAT64 prefix.
203.0.113.111 2001:db8:cafe:2::1
tcp
192.0.2.2:9284 [2001:db8:cafe::c000:0202]:9284
203.0.113.111:80 [2001:db8:cafe:2::1]:80
Configuration and Troubleshooting
Configuration for Stateful NAT64 Translation
Figure 17. Configuration for Stateful NAT64 Translation
Verifying NAT64 Translation
Figure 18. Before and After NAT64 Translation
Products Supporting NAT64
Table 4. Cisco Products That Support NAT64
Cisco ASR 1000 Series |
Cisco Carrier Routing System (CRS-1) |
|
Stateless NAT64 |
Cisco IOS® XE 3.2S |
Cisco IOS XR 3.9.3 |
Stateful NAT64 |
Cisco IOS XE 3.4S |
Cisco IOS XR 4.1.2 |
Supported Features and RFC Standards
Table 5. Supported Features and RFC Standards
Supported Features |
RFC Standards |
TCP (HTTP, HTTPS, etc) |
RFC 6052 (draft-ietf-behave-address-format) |
UDP |
RFC 6144 (draft-ietf-behave-v6v4-framework) |
ICMP |
RFC 6145 (draft-ieft-behave-v6v4-xlate) |
FTP64-ALG |
RFC 6146 (draft-ietf-behave-v6v4-xlate-stateful) |
For More Information
• For more information about IPv6, visit http://www.cisco.com/go/ipv6.
• For additional white papers about IPv6, visit http://www.cisco.com/en/US/products/ps6553/prod_white_papers_list.html.
• For more information about Cisco CRS-1, visit http://www.cisco.com/go/crs.
• For more information about the Cisco ASR 1000 Series, visit http://www.cisco.com/go/asr.
• For more information about Cisco service provider solutions, visit http://www.cisco.com/go/sp.
Table 6. RFC Standards
RFC |
Title |
RFC 6052 |
IPv6 Addressing of IPv4/IPv6 Translators |
RFC 6144 |
Framework for IPv4/IPv6 Translation |
RFC 6145 |
IP/ICMP Translation Algorithm |
RFC 6146 |
Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers |
RFC 6147 |
DNS64: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers |
RFC 4966 |
Reasons to Move the Network Address Translator-Protocol Translator (NAT-PT) to Historic Status |
• IPv4 exhaustion counter: http://inetcore.com/project/ipv4ec/index_en.html
• ARIN: The IANA IPv4 Address Free Pool Is Now Depleted: https://www.arin.net/knowledge/v4-v6.html
• APNIC IPv4 exhaustion: http://www.apnic.net/community/ipv6-program/ipv4-exhaustion
• North American Network Operators' Group: http://www.nanog.org/
• RIPE Network Coordination Centre: http://www.ripe.net/
NAT64 Technology: Connecting IPv6 and IPv4 Networks相关推荐
- IPv6 与 IPv4现状
IPv6 与 IPv4现状 一.概述 (1) IPv4可提供bai4,294,967,296个地址,IPv6将原来的32位地址空间增大du到128位,数目是zhi2的128次方.能够对地球上每平方米d ...
- Ipv6上Ipv4的方法
在纯IPv6网络的用户如果需要访问IPv4的网络资源时,一般需要通过第三方软件来实现(Veno\六飞\IPV6VPN等),而现在大家可直接通过支持NAT64/DNS64的服务器,来实现IPv6与IPv ...
- 4.4 IPv6(诞生原因、数据报格式、与IPv4的不同、地址表现形式、基本地址类型、IPv6与IPv4的过渡策略)
文章目录 0.思维导图 1.为什么要有IPV6? 2.IPV6的数据报格式 3.IPV6与IPV4的比较 4.IPV6的地址表示形式 5.IPV6基本地址类型 6.IPV6向IPV4过滤的策略 0.思 ...
- CCIE理论-第十篇-IPV6 VS IPV4(带你们看看U.S.A的ISP的设备)
CCIE理论-第十篇-IPV6 VS IPV4(带你们看看U.S.A的ISP的设备) IPV4缺点 这个前面一章讲过了,这里再讲一次 https://www.potaroo.net/ 这是一个统计的机 ...
- ipv6头部格式 c语言,2.2.1 IPv6和IPv4基本头部格式
2.2 IPv6报文 2.2.1 IPv6和IPv4基本头部格式 根据IPv4报文中存在的问题,IPv6报文头格式与IPv4相比进行了一些改动.IPv6头部结构遵循以下新规则: 基本头部的固定长度 ...
- ipv6的表示、ipv6与ipv4之间的转换、ipv6地址大小判定
本文对初步接触到ipv6时,常遇到的三个疑问(ipv6的表示.ipv6与ipv4之间的转换.ipv6地址大小判定)进行了简单介绍. ipv6的表示 关于单个ipv6地址的基本表示有:标准表示.压缩表示 ...
- ipv6地址概述——带你了解ipv6与ipv4的不同
作者简介:一名在校云计算网络运维学生.每天分享网络运维的学习经验.和学习笔记. 座右铭:低头赶路,敬事如仪 个人主页:网络豆的主页 目录 前言 一.ipv4与ipv6 1.ipv4与i ...
- ipv6地址概述——了解ipv6与ipv4不同
目录 一 ipv4与ipv6 1.ipv4的概述 2.ipv4存在的问题 3.ipv6的概述 4.ipv4与ipv6的优点和特点 5.ipv6与ipv4的变化 ipv4包头 ipv6包头 6.ipv6 ...
- 什么是IP地址?IPV6和IPV4的区别-一个初学小白的笔记
参考视频:https://www.bilibili.com/video/BV1DD4y127r4 从历史的发展角度来看: 如果只有一台电脑,所有的数据都会存储在硬盘上,不会和其他的电脑产生任何关系. ...
- 下一代互联网实验:IPv6静态路由和路由汇总 IPv6 to IPv4 隧道 IPv6 NAT-PT 配置
目录 实验一 IPv6静态路由和路由汇总 实验二 IPv6 to IPv4 隧道 实验三 IPv6 NAT-PT 配置 实验一 IPv6静态路由和路由汇总 实验目的 1.掌握基本的 IPv6 地址 ...
最新文章
- 人群场景的属性--Deeply Learned Attributes for Crowded Scene Understandin
- 经典C语言程序100例之三八
- 对称加密-DES解密
- Excluding Files From Team Foundation Version Control Using .tfignore Files
- kudu参数优化设置,让集群飞起来~
- 惊现飞鸽传书2009
- mysql++pc客户端_Mysql超详细安装配置+客户端连接
- JDBC的第一个版本,不使用配置文件。使用jar文件一个
- 拆分工作簿为多个文件_如何批将Excel的多个Sheet工作表拆分为独立的工作簿?...
- 宁德时代机器人编程开发_高通发布5G机器人开发平台,内置强大AI算力。各大厂商竞相发布机器人处理平台,万物互联的时代即将到来...
- [Tip]ActiveScaffold本地化
- android 画图 工具下载,画板画图软件下载-画板画图 安卓版v1.1.0-PC6安卓网
- android的wifi开发码源,亚美电游app下载 -官方网站
- 视频会议室装修部署指南
- Vue中如果关闭语法检查
- 2022-2028全球与中国WiFi拦截器市场现状及未来发展趋势
- matlab201a教程,实验6 - 数媒201郭凯妮的个人空间 - OSCHINA - 中文开源技术交流社区...
- 【寻找最佳小程序】04期 :探访“小打卡”产品打磨细节及线下场景真实应用
- 解决选择困难症,有哪些常用的营销手段?
- angular2--安装和使用