What is NAT64? Understand and Configure NAT64

As Internet demand grows, IPv4 faces a significant challenge due to its address space depletion. However, IPv6 transition mechanisms can help. NAT64 is one mechanism that supports this transition, helping with IPv4 depletion issues. In this article, learn what NAT64 is, how a NAT64 server works, and how the mechanism benefits IPs.

What is NAT64? 

NAT64, or network address translation 64, is a mechanism that facilitates communication between IPv6 and IPv4 networks and vice versa over the Internet. It does this by translating IPv6 addresses into IPv4 addresses. This is important because, as the world transitions to IPv6, many IPv4-only servers will still need to be accessed.   

Network address translation 64 enables IPv6-only clients to interact with IPv4-only servers without requiring the devices to support both natively. It works with an extension to DNS, popularly known as DNS64, which synthesizes AAAA records for IPv4-only names.

Network address translation 64 performs translation in one of two modes, which differ in whether port address translation (PAT) is used: PAT mode or No-PAT mode.

  • PAT mode allows multiple devices with different IPv6 addresses to share a single IPv4 address. The technique maps the IPv6 address and port number to a specific IPv4 address and port number. 
  • No-PAT mode does a more straightforward translation where each IPv6 address gets its own IPv4 address. In this mode, you don’t need to change port numbers. The only requirement is more IPv4 addresses for all the devices that want to connect.
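The two modes compared as binding tables, in an added Python example (not code from the original article or from any NAT64 product). The class name, pool address, client addresses and the three-port range are constructed for illustration, and timeouts and per-protocol tables are left out.

```python
import ipaddress


class Nat64Bindings:
    """Toy binding table for a NAT64 translator (illustrative, no timeouts)."""

    def __init__(self, pool, pat=True, ports=range(1024, 1027)):
        self.pool = list(pool)   # IPv4 addresses available for translation
        self.pat = pat           # True: PAT mode, False: No-PAT mode
        self.ports = ports       # small on purpose so exhaustion is visible
        self.fwd = {}            # PAT: (v6, sport) -> (v4, port); No-PAT: v6 -> v4
        self.rev = {}            # reverse lookups for return traffic

    def outbound(self, v6, sport):
        """Return the IPv4 (address, port) used for this flow, or None if the pool is exhausted."""
        v6 = str(ipaddress.IPv6Address(v6))
        if self.pat:
            key = (v6, sport)
            if key not in self.fwd:
                free = next(((ip, p) for ip in self.pool for p in self.ports
                             if (ip, p) not in self.rev), None)
                if free is None:
                    return None
                self.fwd[key], self.rev[free] = free, key
            return self.fwd[key]
        # No-PAT: one IPv4 address per IPv6 address, port left unchanged.
        if v6 not in self.fwd:
            free = next((ip for ip in self.pool if ip not in self.rev), None)
            if free is None:
                return None
            self.fwd[v6], self.rev[free] = free, v6
        return (self.fwd[v6], sport)

    def inbound(self, v4, dport):
        """Map return traffic to the IPv6 (address, port); None means no binding, so drop."""
        if self.pat:
            return self.rev.get((v4, dport))
        # No-PAT: every port on the mapped IPv4 address leads to the same host,
        # so any port filtering has to come from a separate policy.
        v6 = self.rev.get(v4)
        return (v6, dport) if v6 else None
```

In PAT mode the binding table is also what lets an analyst tie an IPv4 address and port seen in a server log back to one IPv6 client, so retaining it with timestamps matters for attribution.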

For IPv4 users to access IPv6 networks, this type of network address translation must provide the server function. It acts as a NAT64 server to translate IPv4 addresses back into IPv6 addresses. Again, this translation relies on DNS64 servers. 

NAT64 facilitates communication between IPv6 and IPv4 networks.

One drawback of network address translation 64 is that it only translates IP addresses in packet headers, not in the main content, or payload, of packets. Many application layer protocols include IP addresses in their payload. Unless these are translated too, the IPv4 devices may see the packets as incorrect or invalid.

Using the NAT64 Application Level Gateway (NAT64 ALG) is a good way to solve the issue for these special protocols. 

What problems does NAT64 solve?

NAT64 lays down a foundation for IPv6 clients to connect with IPv4 servers.  It works similarly to network address port translation (NAPT44). In NAPT, the source address and port are translated using a NAT pool.

When IPv6 clients send packets, NAT64 devices convert these packets to IPv4. This translation uses an IP/ICMP algorithm that maps IPv4 addresses to IPv6 and assigns a prefix for stateful NAT64. 

For basic functionality, NAT64 utilizes a stateful network address translation 64 function within the device and DNS64-enabled servers accessible to IPv6-only hosts.

How NAT64 works 

NAT64 lets IPv6-only devices connect with IPv4-only servers by creating a special IPv6 address for IPv4 resources. The process starts when a DNS64 server gets a request from an IPv6 client for an IPv4-only domain. Since no IPv6 address exists, DNS64 generates a new IPv6 address with the embedded IPv4 address.

The server places the IPv4 address in the last 32 bits of a 128-bit IPv6 address. The first part of this IPv6 address uses a 96-bit prefix, which is unique to DNS64 and NAT64 systems. This prefix helps direct network traffic to the NAT64 gateway for translation between IPv4 and IPv6.

When the IPv6 client tries to connect to the synthetic IPv6 address, it routes to the NAT64 gateway. The gateway reads the last 32 bits of the address to find the original IPv4 destination.

With the IPv4 address, the network address translation 64 gateway sends the request to the IPv4-only server. When the server responds, the NAT64 gateway converts it back to IPv6 and sends it to the client. This way, the IPv6-only devices access data on IPv4-only servers.
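The synthesis and extraction steps described above, as an added Python example (not code from the original article). It uses the 64:ff9b::/96 prefix the article mentions; the function names, sample addresses and the short deny list of non-public IPv4 ranges are assumptions made for illustration, and the deny list is not exhaustive.

```python
import ipaddress

PREFIX = ipaddress.IPv6Network("64:ff9b::/96")

# Illustrative policy: embedded IPv4 destinations the gateway should not translate to.
BLOCKED_V4 = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
)]


def synthesize(ipv4, prefix=PREFIX):
    """DNS64 side: put the IPv4 address in the last 32 bits under the 96-bit prefix."""
    if prefix.prefixlen != 96:
        raise ValueError("this example only handles /96 prefixes")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def extract(ipv6, prefix=PREFIX):
    """NAT64 side: read the last 32 bits; None if the address is outside the prefix."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def gateway_decision(ipv6_dst, prefix=PREFIX):
    """Decide what the gateway does with a packet addressed to ipv6_dst."""
    v4 = extract(ipv6_dst, prefix)
    if v4 is None:
        return "forward-native"      # ordinary IPv6 destination, no translation
    if any(v4 in net for net in BLOCKED_V4):
        return f"drop {v4}"          # embedded address is not a public destination
    return f"translate {v4}"


if __name__ == "__main__":
    synthetic = synthesize("192.0.2.33")   # constructed sample address
    print(synthetic, "->", gateway_decision(str(synthetic)))
    print("64:ff9b::a00:1 ->", gateway_decision("64:ff9b::a00:1"))
```

The check in `gateway_decision` matters because any client can build a synthetic address by hand without asking DNS64, so the gateway cannot assume the embedded IPv4 address came from a real DNS answer.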

One network address translation-based technology, 464XLAT, commonly works in mobile networks to support IPv6 transition. Fixed-line networks, however, have been slower in adopting IPv6 transition technologies. 

While network address translation 64, 464XLAT, and other methods like MAP-E have been discussed widely, the actual use of NAT64 in fixed-line networks remains unclear. Its effects on path length and latency in these networks are also poorly understood. For this reason, it’s essential to measure deployment levels regularly.

NAT64 is particularly useful in IPv6-only networks, such as mobile networks. 

Components of NAT64

Network address translation 64 is a significant enabler for transitioning from IPv4 to IPv6. The key components involved in enabling seamless communication between IPv4 and IPv6 protocols are the NAT64 gateway, DNS64, IPv4 and IPv6 address pools, and a dedicated network address translation 64 prefix.

NAT64 gateway

This is the primary translation device in a network address translation 64 setup. It bridges IPv4 and IPv6 networks so they can talk to one another. For it to work, the gateway needs at least one IPv4 address and access to an IPv6 network. 

The NAT64 gateway creates a mapping between IPv6 and IPv4 addresses. This can be done automatically (stateless mapping) or manually (stateful mapping). In stateless network address translation 64, the method maps IPv6 addresses to IPv4 addresses without tracking session data. It uses a set prefix, like 64:ff9b::/96, to generate the IPv6 address.

Stateful NAT64, on the other hand, keeps track of each translation for a more flexible and dynamic address mapping between IPv6 and IPv4.

DNS64

DNS64 works with this type of network address translation to help IPv6-only clients access IPv4-only domains. It creates "fake" IPv6 (AAAA) records for these IPv4 addresses so IPv6-only clients can reach IPv4 resources upon resolving them as if they were on IPv6.

IPv4 and IPv6 address pools

These are groups of available IP addresses that network address translation 64 can use for translations. The IPv4 pool provides addresses for IPv6 clients to access IPv4 resources, while the IPv6 pool offers addresses when IPv4 clients need access to IPv6 resources.

A dedicated NAT64 prefix

A NAT64 prefix is used in the algorithmic translation of a synthetic IPv6 address to an IPv4 address. It has several key uses:

  • It sets the DNS64 prefix for creating AAAA records that point to IPv4-only destinations.
  • It helps identify synthetic IPv6 addresses in incoming packets, allowing network address translation 64 to find the original IPv4 address within them.
  • It connects IPv6 clients to IPv4-only destinations so IPv6 devices can access IPv4 networks.

These components work together to overcome the differences between IPv4 and IPv6. 

Features of NAT64

NAT64 features bidirectional translation, meaning it supports data flow in both directions. This ensures that devices on IPv6 networks can reach IPv4-only servers, while IPv4-only devices can also access IPv6 resources. The two-way capability is essential for reliable communication between the two IP versions.

Scalability is another feature of NAT64. Designed to support numerous simultaneous connections, network address translation 64 handles many active sessions while maintaining performance. High-traffic environments, such as data centers, benefit from NAT64's ability to manage large numbers of users needing cross-protocol access.

Finally, configuration flexibility is a mark of network address translation 64. It offers customizable translation rules and policies. Network administrators use it to adjust NAT64's behavior to fit specific network needs. Rules can define which types of traffic are translated or specify translation behaviors for certain devices.

Benefits of using NAT64

NAT64 is an integral transition mechanism for IPv6-only clients. From addressing the IPv4 address shortage to providing seamless communication, consider below all the benefits of using this type of network address translation.

  • Device compatibility. Even though most modern devices support IPv6, many older ones only support IPv4. NAT64 is needed to connect these IPv4-only devices across an IPv6 network.
  • Application compatibility. Some older applications still use IPv4 addresses in their higher layers. Since these applications will likely remain in use for a while, network address translation 64 is essential for adapting them to IPv6. 
  • Address shortage. As IPv4 addresses run out, IPv6 addresses are assigned to new devices. However, much of the available content on the Internet is still IPv4. NAT64 enables these IPv6-only devices to access that content. 
  • Future content shift. With most content likely moving to IPv6, many IPv4-only devices will remain; NAT64 enables their access to IPv6 content.
  • Seamless communication. NAT64 lets IPv4-only and IPv6-only devices communicate with minimal user effort, simplifying transitions between the two protocols.

As the Internet expands and the need for IPs continues to grow, NAT64 and similar technologies will be in high demand.

Limitations of NAT64

This type of network address translation doesn't work flawlessly in every scenario and with all protocols. NAT64 rules do not support:

  • VoIP. NAT64 can interfere with the real-time nature of Voice over IP traffic, leading to quality issues like latency. 
  • Protocols like IPsec. Network address translation 64 does not translate packets of specific protocols, including Stream Control Transmission Protocol (SCTP), Datagram Congestion Control Protocol (DCCP), and IPsec.
  • HTTPS inspection. Analyzing encrypted traffic becomes complex due to address translation.
  • SSL demultiplexing. NAT64 can interfere with connection tracking so it becomes difficult to identify multiple connections from a single IP.
  • Hop-by-hop extension headers. Network address translation 64 does not support translating hop-by-hop extension headers in IPv6 packets. This limitation means any instructions included in these headers will be lost during translation.
  • ESP and EH headers. Network address translation 64 fails to translate Encapsulating Security Payload (ESP) and Extension Header (EH) headers in IPv6 packets. Consequently, the security information and options in these headers are not preserved. 
  • Multicast packets. NAT64 does not translate multicast packets, so packets intended for multiple destinations cannot be processed appropriately.

Applications of NAT64

Network address translation 64 is used widely across sectors to support a smooth transition to IPv6. Large organizations deploy NAT64 within their IPv6-enabled networks to maintain access to legacy IPv4 services. 

Similarly, ISPs and data centers rely on NAT64. They incorporate network address translation 64 to grant customers continued access to IPv4 content. As a result, users enjoy a smooth browsing experience even as network protocols evolve.

In mobile networks, network address translation 64 is equally vital. Mobile network operators use it to manage IPv6 traffic from mobile devices while still supporting older IPv4 applications.

Frequently asked questions

What is a NAT64 server? 

A network address translation 64 server is a device or software that allows IPv6 hosts and clients to actively connect to IPv4 hosts and servers.

What is the difference between stateful and stateless NAT64?

Stateful NAT64 maps multiple IPv6 addresses to a single IPv4 address, while stateless NAT64 creates a one-to-one mapping.

What purpose does NAT64 serve in IPv6?

Network address translation 64 allows IPv6-only hosts to communicate with IPv4 hosts, permitting IPv4-to-IPv6 transition and coexistence.

Author

Written by Lizzy Schinkel & WhatIsMyIP.com® Editorial Contributors

Reviewer

Technically Reviewed by Brian Gilbert
