How NAT64 works with DNS64 to perform stateful address translation

Source: Internet
Author: User

This blog post describes in detail how NAT64 works with DNS64 to perform stateful address translation, and what you need to be aware of when using it.

As the migration to IPv6 progresses, the network side is fairly IPv6-ready, but the service side is not so optimistic. Interworking between IPv6 and IPv4 networks has therefore become a focus for network builders, especially the scenario where IPv6 users access IPv4 servers.

The NAT444 and DS-Lite technologies described earlier let IPv4 users reach IPv4 services and IPv6 users reach IPv6 services; they do not address interworking between IPv4 and IPv6. NAT64 is designed for access between IPv4 and IPv6, and can be used together with NAT444 or DS-Lite to cover a variety of service scenarios.

NAT64+DNS64 is a stateful address translation technique (stateful and stateless address translation will be introduced separately in a later post). It lets users on the IPv6 side initiate access to server resources on the IPv4 side. NAT64 also supports manually configured static mappings, which let users on the IPv4 side initiate access to resources on the IPv6 side. NAT64 performs the IPv4-IPv6 address and protocol translation, and DNS64 handles domain name resolution.

There are three typical scenarios for NAT64+DNS64.

Application One: an IPv4 IDC/ISP site provides services to IPv6 users.

Application Two: IPv6 users and IPv4 users exchange services within the operator's network.

Application Three: an IPv6-only IDC/ISP site provides services to IPv4 users.

Application One is the most important NAT64 scenario; Application Three is a more advanced scenario.

For the scenario where IPv6 users access an IPv4 IDC/ISP, the process is as follows:

1. The IPv6 host sends an AAAA query for example.com to DNS64 (the DNS server address configured on the host is the DNS64 address);

2. DNS64 sends the AAAA query to the DNS AAAA server;

3. The DNS AAAA server returns an empty answer to DNS64;

4. DNS64 then sends an A query to the DNS A server;

5. The DNS A server returns the A record of example.com (192.0.2.1);

6. DNS64 synthesizes an IPv6 address (2001:db8:cdfe::192.0.2.1) and returns the AAAA response to the IPv6 host;

7. The IPv6 host sends an IPv6 packet with the destination address 2001:db8:cdfe::192.0.2.1; because NAT64 advertises the configured IPv6 prefix into the IPv6 domain, the packet is forwarded to the NAT64 device;

8. NAT64 performs address translation and protocol conversion: the destination address is converted to 192.0.2.1, the source address is converted statefully, (2001:db8::1,1500) -> (203.0.113.1,2000), and the packet is routed to the IPv4 server within the IPv4 domain;

9. The return packet has the destination address and port 203.0.113.1,2000;

10. NAT64 converts it according to the existing record: the destination address is converted to 2001:db8::1, the source address becomes the IPv6-prefixed IPv4 server address 2001:db8:cdfe::192.0.2.1, and the packet is sent to the IPv6 host.

The process shows that DNS64 embeds the IPv4 address of the IPv4 server into an IPv6 address, a process called synthesis (RFC 6052 gives the format of IPv4-embedded IPv6 addresses). When NAT64 translates IPv6 addresses to IPv4 addresses, the destination address (the IPv4 server's address, an IPv4-embedded IPv6 address) is converted directly to the IPv4 address by rule; this is stateless address translation. The source address (the IPv6 user's address) is converted to a public IPv4 address, usually by randomly selecting an available IPv4 address and port number from a configured IPv4 address pool; this is stateful address translation (NAT64). The NAT64 device records this state so that it can translate addresses when the return traffic arrives.

In NAT64+DNS64 deployments, the IPv6 prefix that DNS64 uses for address synthesis must be consistent with the IPv6 prefix configured on NAT64. If the network has multiple NAT64 devices, each configured with a different IPv6 prefix, DNS64 can distribute traffic load among the NAT64 devices by synthesizing addresses with different IPv6 prefixes (provided that each NAT64 can reach the IPv4 server).
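Steps 6 to 10 of the flow and the prefix-consistency requirement above, as a runnable Python model (an added example, not code from the original post or from any NAT64 product). It assumes a /96 prefix, which is what the address 2001:db8:cdfe::192.0.2.1 implies, a server port of 80, and sequential port allocation in place of the random pool selection the text describes; all class and function names are illustrative.

```python
import ipaddress

PREFIX = ipaddress.IPv6Network("2001:db8:cdfe::/96")  # /96 assumed from the page's example

def dns64_synthesize(a_record, prefix=PREFIX):
    """DNS64: embed the IPv4 A record in the low 32 bits of the /96 prefix (RFC 6052)."""
    v4 = ipaddress.IPv4Address(a_record)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))

class Nat64:
    """Toy stateful NAT64: stateless destination mapping, stateful source binding."""
    def __init__(self, prefix=PREFIX, pool_addr="203.0.113.1", first_port=2000):
        self.prefix = prefix
        self.pool_addr = ipaddress.IPv4Address(pool_addr)
        self.next_port = first_port  # sequential so the demo is deterministic
        self.out = {}                # (IPv6 source, port) -> (pool address, port)
        self.back = {}               # reverse index used for return traffic

    def v6_to_v4(self, src, sport, dst, dport):
        dst = ipaddress.IPv6Address(dst)
        if dst not in self.prefix:   # DNS64 used a prefix this NAT64 does not own
            raise ValueError(f"{dst} is outside NAT64 prefix {self.prefix}")
        v4_dst = ipaddress.IPv4Address(int(dst) & 0xFFFFFFFF)  # stateless extraction
        key = (ipaddress.IPv6Address(src), sport)
        if key not in self.out:      # first packet of the flow creates the binding
            self.out[key] = (self.pool_addr, self.next_port)
            self.back[self.out[key]] = key
            self.next_port += 1
        return (*self.out[key], v4_dst, dport)

    def v4_to_v6(self, src, sport, dst, dport):
        key = (ipaddress.IPv4Address(dst), dport)
        if key not in self.back:
            return None              # no binding recorded (static mappings not modelled)
        v6_dst, v6_port = self.back[key]
        v6_src = dns64_synthesize(src, self.prefix)  # server address re-embedded in prefix
        return (v6_src, sport, v6_dst, v6_port)

def walk_through():
    """Steps 6-10 of the flow, using the page's own addresses and ports."""
    nat = Nat64()
    aaaa = dns64_synthesize("192.0.2.1")
    fwd = nat.v6_to_v4("2001:db8::1", 1500, aaaa, 80)
    ret = nat.v4_to_v6("192.0.2.1", 80, fwd[0], fwd[1])
    return aaaa, fwd, ret
```

A destination synthesized with a prefix the NAT64 does not hold raises `ValueError`, and an IPv4 packet that matches no recorded binding returns `None`.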

In addition, a NAT64 device needs to advertise routes to both the IPv4 network and the IPv6 network. The NAT64 port connected to the IPv6 network is configured with an IPv6 address and advertises the route for the configured IPv6 prefix to the IPv6 network; if NAT64 is configured with more than one IPv6 prefix, choose an appropriate summarization when advertising the IPv6 routes. The NAT64 port connected to the IPv4 network is configured with an IPv4 address and advertises the route for the configured IPv4 address pool to the IPv4 network.

NAT64 devices are usually deployed at network boundaries, such as the interconnection layer between an IPv6 metropolitan area network and an IPv4 metropolitan area network, or the egress router layer of an IPv4 IDC.
