NAT64

NAT64 is an IPv6 transition mechanism. It is used to translate IPv4 into IPv6 addresses. Its purpose is primarily in the permit communication between accessible only by IPv6 hosts on one side and only reachable via IPv4 hosts on the other side. In special cases it is possible to initiate a connection by IPv4 hosts, usually, however, this remains the IPv6 hosts reserved. However, since much more IPv6 hosts will be as IPv4 hosts for the foreseeable future, this is not problematic because the main purpose is to IPv4 servers to speak of IPv6 networks from.

  • 6.1 Specifications
  • 6.2 External links
  • 6.3 Notes and references

Operation

NAT64 uses the fact that the 128- bittigen IPv6 addresses are well able to contain a 32bit IPv4 address:

IPv4: 192.0.2.1 - c0.00.02.01 ( Hexadecimal notation of IPv4 address ) IPv6: 64: ff9b :: - 64: ff9b :: c000: 0201 ( as the last 32 bits embedded in the IPv6 address )

The prefix 64: ff9b :: / 96 has been reserved specifically for this mechanism. Alternatively, and for ease of use can be used instead of pure hexadecimal notation, a mixed notation:

192.0.2.1 -> 64: ff9b :: 192.0.2.1

The IPv4 address is automatically converted from the IPv6 implementation in hexadecimal notation.

Routing

Will now the IPv6 host 2001: db8 :: 1 connection to the IPv4 server 192.0.2.1 record, so he sends in his local network packets to the address 64: ff9b :: c000: 0,201th Here, for example, would help ensure that all packets with a destination 64 a static route: ff9b :: / 96 forwards them to the NAT64 router. The NAT64 router can now receive the packets, " unpack " the IPv4 address and the contents from including OSI layer 4 encapsulated in IPv4 packets routed over its IPv4 connection:

IPv6 address: 64: ff9b :: c000: 0201 -> IPv4 Address ( hex): c0000201 -> IPv4 address ( dec. ): 192.0.2.1

With the use of prefixes it is not necessarily 64: limited ff9b :: / 96. If configured, you can use any subnet from its allocated power for this purpose.

Stateful

NAT64 is stateful, "remembers" So, what IPv6 host and which IPv4 host to communicate with each other. In the NAT64 table of the router is out about the book. This works basically the same way as traditional NAT.

For example: if 2001: db8 :: dead: beef would like to connect to 192.0.2.56 build, so he sends ( as before) the packets that are addressed to this host to 64: ff9b :: c000: 238, ie in the basically the router. This removes the IPv4 address and routes on the packages, but noted there is

Will now face the IPv4 side of the router a packet of " contrary " data, ie sender and receiver are reversed ( as for an answer logically, see correspondence ), the router knows immediately which IPv6 host it must forward the packet.

DNS64

DNS64 is a technique that adds NAT64. It is defined in RFC 6147 and is based on DNS. This automatically and transparently creates a DNS64 server from A- resource records (A RRs, so DNS records for IPv4 addresses ), AAAA RRs (AAAA: Field name in DNS for IPv6 addresses ). This works via the method explained:

Pros and Cons

Benefits of NAT64 ( especially in combination with DNS64 ) include:

  • Completely transparent to the IPv6 hosts
  • Cheap and easy connection of both worlds Protocol
  • For new hosts only one configuration is needed: Change name server to a DNS64 server

Disadvantages, mainly because NAT64 is still a NAT process:

  • To build up of IPv4 hosts connections to IPv6 hosts, you need static NAT entries and extra IPv4 addresses for each IPv6 host to be addressed for a 1 - to-1 routing or static port forwarding.
  • Typical NAT issues, such as with P2P applications

Public gateway

NAT64 in combination with DNS64 is suitable as a public service, for example for the provider. Here, only the DNS64 name server of that provider must be registered with the clients in order to facilitate the connection with IPv4 hosts.

Support

The packet filter pf OpenBSD gained support for NAT64 in version 1 May 2012 released with OpenBSD 5.1. Furthermore, there is a patch for BIND to allow DNS64, and also a patch for netfilter / iptables for NAT64.

243319
de