Describe IPv6 NAT

Exam: Cisco 300-101 - CCNP Implementing Cisco IP Routing (ROUTE v2.0)


Internet Protocol version 6 (IPv6) enables you to handle public IPv4 address exhaustion. The current IPv4 mechanisms undergo a gradual transition to IPv6 and this is happening in a slower pace than required.

IPv4 and IPv6 technologies are not directly interoperable. To facilitate interoperability, you need to use one of the IPv6 transitioning techniques.

Some of the popular IPv6 transitioning methods are:

  • Dual Stack—Using Dual stack technique you can run IPv4 and IPv6 in parallel in your network. This method allows devices to simultaneously manage IPv4 and IPv6 traffic.
  • Tunneling—Encapsulates IPv6 packets within IPv4 packets and vice versa over a network.
  • IPv6/IPv4 Translation—Allows communication between IPv6 and IPv4 networks. This method enables smooth transition to IPv6. IPv6/IPv4 translation is achieved effectively using NAT64 technology. 

IPv6 addresses save you from the IP address depletion. It provides flexibility that you can provide unique public IP addresses to billions of devices around the globe to connect to the Internet. IPv6 eliminates the need for NAT or conservation of IP addresses. There is a wider debate on using IPv6 NAT in combination with redundancy, load balancing, multihoming, and so on to provide more benefits to modern networks.

NAT64

Overview

IPv6 to IPv4 Network Address Translation (NAT64) enables communication between IPv6 and IPv4 networks. Using this method you can smoothly handle IPv6 migration and IPv4 exhaustion. NAT64 is one of the popular network address translation techniques since it supports majority of the translation use cases.

Advantages of NAT64 are:

  • Smooth migration to IPv6 without impacting the quality of Internet experience of IPv6-only users.
  • Service is provided to IPv6 users without any impact on the existing IPv4 network.

Note:You must have the application-layer gateway (ALG) deployed in your network to support translation of the File Transfer Protocol (FTP) and Session Initiation Protocol (SIP) protocols that embed IP address information within the payload.

Types of NAT64

The different types of NAT64 methods are:

  • Stateless NAT64—This network address translation method maps IPv6 addresses to IPv4 addresses and vice versa. The communication can be initiated by IPv6 network or IPv4 network. This method does not modify or create bindings while performing translations.
  • Stateful NAT64—This is a stateful network address translation method for translating IPv6 to IPv4 address and vice versa. This method can modify bindings while performing translations. The communication can be initiated by IPv6 network or IPv4 network using static mappings. 

The major differences between Stateless and Stateful NAT64 are highlighted in this table:

Key Factors Stateless NAT64

Stateful NAT64
Translation Type One-to-one One-to-many
Address Assignment Mode Manual or Domain Host Configuration Protocol Version 6 (DHCPv6) Any mode (Manual or DHCPv6 or  stateless address autoconfiguration (SLAAC))
IPv4 address conservation No Yes
End-to-end address transparency and scalability Available Not available
IPv4-translatable IPv6 addresses assignment Required Not required
Bindings or session state  Neither created nor modified during address translation Created or modified during address translation

How does NAT64 works

Consider an IPv6-only network accessing the web services (acme.com) on an IPv4-only server. DNS64 provides DNS extensions for NAT from IPv6 clients to IPv4 servers. NAT64 and DNS64 are used together to enable IPv6-only clients to access IPv4-only servers.

These are the basic steps involved in NAT64 translation:

1. The IPv6 client queries to the DNS64 server for the AAAA (quad A) record that is an IPv6 address based on the URL acme.com.

2. The DNS64 server synthesizes an IPv6 address based on the first 96-bits (well-known prefix: 64:FF9B::/96) of the IPv6 address of the NAT64 device and the 32-bits of IPv4 address of acme.com server.

For example:

First 96-bits of NAT64 device + IPv4 address of the IPv4 server = 64:FF9B:: + 113.12.4.2

The synthesized IPv6 address will look similar to 64:FF9B::113.12.4.2.

3. The DNS64 server replies to the IPv6 client with the synthesized IPv6 address (64:FF9B::113.12.4.2).

4. The IPv6 client communicates to the NAT64 device with the synthesized IPv6 address.

5. The NAT64 device looks up the lower 32-bits of the IPv6 address and routes the IPv6 clients to acme.com

6. The users in the IPv6-only network can successfully access the acme.com website that resides in an IPv4 web server.

NPTv6

Overview

IPv6-to-IPv6 Network Prefix Translation (NPTv6) is a stateless NAT technique that maps one IPv6 address prefix to another IPv6 prefix. NPTv6 translates a Unique Local Address (ULA) on the internal network to a routable, Global Unicast Address (GUA) on the external network and vice versa. NPTv6 translator is a network device (such as a router) that performs prefix translation between two or more networks. The NPTv6 technology can perform translation between private networks.

Characteristics of NPTv6 technique are:

* Two-way translation
* Overwrite high level IPv6 prefixes
* No conservation of outside addresses
* One-to-one translation
* Supports inbound connection requests
* Algorithmic and Stateless
* Checksum neutral

Advantages of using NPTv6 are:

* Redundancy and Load balancing is possible when multiple NPTv6 translators are used
* Asymmetric Routing
* Transport-layer survivability
* Address independent translation
* Small global routing tables
* Scalable
* Can be distributed across multiple NPTv6-capable devices

Disadvantages of using NPTv6 are:

* Less secured than Stateful NAT and requires additional security configurations
* Does not resolve all the IPv4 architectural issues
* Increased complexity in DNS deployment due to existence of different prefixes for internal and external devices

How does NPTv6 works

Consider an internal IPv6 network connected to an external IPv6 network using an NPTv6 translator. Assume that the external network has connectivity to the Internet.

The locally routed addresses in the internal network are translated to globally routable addresses using the NPTv6 translator. The lengths of the two IPv6 prefixes are the same in this scenario.

When IPv6 traffic flows from inside network to outside network, the NPTv6 translator overwrites the IPv6 source prefix with a corresponding destination prefix.  When traffic flows back from the outside network to inside network, the IPv6 destination prefix is overwritten with a corresponding internal prefix.  As per this example, the source prefix (FD01:0203:0405:/48) is overwritten with the external prefix (2001:0DB8:0001:/48). When the traffic flows from outside to inside, the external prefix (2001:0DB8:0001:/48) is overwritten with the internal prefix (FD01:0203:0405:/48).

Exam Question:

Which of the following methods does not modify or create bindings while performing network address translations?

  1. Stateless NAT64
  2. Stateful NAT64
  3. Network Prefix Translation (NPTv6)
  4. None of the above

Answer 1

The Stateless NAT64 network address translation method maps IPv6 addresses to IPv4 addresses and vice versa. The communication can be initiated by IPv6 network or IPv4 network. This method does not modify or create bindings while performing translations.


Related IT Guides

  1. Configure and verify default routing
  2. Configure and verify IPv4 and IPv6 DHCP
  3. Configure and Verify network types, area types, and router types
  4. Configure and Verify RIPv2
  5. Configure and verify static routing
  6. Describe administrative distance
  7. Describe device security using IOS AAA with TACACS+ and RADIUS
  8. Describe DMVPN (single hub)
  9. Describe, configure, and verify BGP peer relationships and authentication
  10. Explain BGP attributes and best-path selection
  11. Explain Frame Relay
  12. Explain general network challenges
  13. Layer 3 technologies - Describe administrative distance
  14. Use Cisco IOS troubleshooting tools