Manual Chapter : Using NAT64 to Map IPv6 Addresses to IPv4 Destinations

Applies To:

Show Versions Show Versions

BIG-IP LTM

  • 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
Manual Chapter

Using NAT64 to Map IPv6 Addresses to IPv4 Destinations

Overview: NAT64

For the BIG-IP® system CGNAT module, NAT64 is the NAT type that maps IPv6 subscriber private addresses to IPv4 Internet public addresses. NAT64 translates subscriber IPv6 addresses to public Internet IPv4 addresses and allows Internet traffic from an IPv6 client to reach a public IPv4 server. The CGNAT module processes NAT64 traffic, as defined in RFC 6146 for TCP and UDP addresses.

NAT64 network diagram

Diagram of a NAT64 network

Task summary

NAT64 example

This NAT64 example shows the BIG-IP® system CGNAT module mapping of IPv6 subscriber private addresses to IPv4 Internet public addresses.

A NAT64 example configuration

In this example, an IPv6 client initiates a request to the IPv4 server, using a source address of 2001:db8::1,1500 and a destination address of 64:ff9b::192.0.2.1,80. The NAT64 on the BIG-IP® system selects an available port for the IPv4 address 203.0.113.1,2000, and creates a mapping entry from 2001:db8::1,1500 to 203.0.113.1,2000. The NAT64 translates the IPv6 header into an IPv4 header, including 203.0.113.1,2000 as the source address and 192.0.2.1,80 as the destination address, and sends the translated packet to the IPv4 server.

The IPv4 server responds with a server packet, which includes a destination address of 203.0.113.1,2000 and source address of 192.0.2.1,80. Upon receipt of the IPv4 server packet, the NAT64 translates the IPv4 header into an IPv6 header, which includes 2001:db8::1,1500 as the source address, and sends the response to the client.

Creating a NAT64 LSN pool

The CGNAT module must be enabled through System > Resource Provisioning before you can configure LSN pools.
Large Scale NAT (LSN) pools are used by the CGNAT module to allow efficient configuration of translation prefixes and parameters.
  1. On the Main tab, click Carrier Grade NAT > LSN Pools .
    The LSN Pool List screen opens.
  2. Click Create.
  3. In the Name field, type a unique name.
  4. For the Member List setting, in the Address/Prefix Length field, type an address and a prefix length and click Add.
    In a NAT64 implementation, an example of an IPv6 member address and prefix is 64:ff9b::/96.
  5. Click Finished.
Your LSN pool is now ready, and you can continue to configure your CGNAT.

Creating a NAT64 virtual server for an LSN pool

Virtual servers are matched based on source (client) addresses. Define a NAT64 virtual server that references the CGNAT profile and the LSN pool.
  1. On the Main tab, click Carrier Grade NAT > Virtual Servers .
    The Virtual Server List screen opens.
  2. Click the Create button.
    The New Virtual Server screen opens.
  3. In the Name field, type a unique name for the virtual server.
  4. From the Type list, select Performance (Layer 4).
  5. In the Destination Address field, type the IPv6 address in CIDR format.
    The supported format is address/prefix, where the prefix length is in bits. For example, an IPv6 address/prefix is ffe1::0020/64 or 2001:ed8:77b5:2:10:10:100:42/64.
  6. In the Service Port field, type * or select * All Ports from the list.
  7. From the Configuration list, select Advanced.
  8. From the Protocol list, select * All Protocols.
  9. For the LSN Pool setting, select the pool that this server will draw on for translation addresses.
  10. For the Address Translation setting, select the Enabled check box to enable address translation.
  11. For the Port Translation setting, clear the Enabled check box.
  12. For the NAT64 setting, select the Enabled check box.
  13. In the Resources area of the screen, for the iRules setting, select the name of the iRule that you want to assign and using the Move button, move the name from the Available list to the Enabled list.
  14. Click Finished.
The custom CGNAT NAT64 virtual server now appears in the CGNAT Virtual Servers list.

Configuring an ALG profile

An ALG profile provides the CGNAT module with protocol and service information to make specified packet modifications to the IP and TCP/UDP headers, as well as the payload during translation.
Important: Edit only copies of the included ALG profiles to avoid unwanted propagation of settings to other profiles that use the included profiles as parents.
  1. On the Main tab, click Carrier Grade NAT > ALG Profiles .
  2. In the ALG Profiles menu, click an ALG profile.
  3. Click Create.
    The New Profile screen opens.
  4. Type a name for the new profile.
  5. From the Parent Profile list, ensure that the correct parent profile is selected as the new profile.
  6. Select the Custom check box on the right.
  7. Configure the profile settings.
  8. Click Finished to save the new ALG profile.
You now have an ALG profile for use by CGNAT.

Configuring a CGNAT iRule

You create iRules® to automate traffic forwarding for XML content-based routing. When a match occurs, an iRule event is triggered, and the iRule directs the individual request to an LSN pool, a node, or virtual server.
  1. On the Main tab, click Carrier Grade NAT > iRules .
    The iRule List screen opens.
  2. Click Create.
  3. In the Name field, type a 1 to 31 character name, such as cgn_https_redirect_iRule.
  4. In the Definition field, type the syntax for the iRule using Tool Command Language (Tcl) syntax.
    For complete and detailed information about iRules syntax, see the F5 Networks DevCentral web site (http://devcentral.f5.com).
  5. Click Finished.
You now have an iRule to use with a CGNAT virtual server.