Manual Chapter : Using NAT64 to Map IPv6 Addresses to IPv4 Destinations

Applies To:

BIG-IP LTM

  • 14.1.0, 14.0.0

Overview: NAT64

For the BIG-IP system CGNAT module, NAT64 is the NAT type that maps IPv6 subscriber private addresses to IPv4 Internet public addresses. NAT64 translates subscriber IPv6 addresses to public Internet IPv4 addresses and allows Internet traffic from an IPv6 client to reach a public IPv4 server. The CGNAT module processes NAT64 traffic, as defined in RFC 6146, for TCP and UDP addresses.

[Figure: Diagram of a NAT64 network]

NAT64 example

This NAT64 example shows the BIG-IP® system CGNAT module mapping of IPv6 subscriber private addresses to IPv4 Internet public addresses.

[Figure: A NAT64 example configuration]

In this example, an IPv6 client initiates a request to the IPv4 server, using a source address of 2001:db8::1,1500 and a destination address of 64:ff9b::192.0.2.1,80. The NAT64 on the BIG-IP® system selects an available port for the IPv4 address 203.0.113.1,2000, and creates a mapping entry from 2001:db8::1,1500 to 203.0.113.1,2000. The NAT64 translates the IPv6 header into an IPv4 header, including 203.0.113.1,2000 as the source address and 192.0.2.1,80 as the destination address, and sends the translated packet to the IPv4 server.

The IPv4 server responds with a server packet, which includes a destination address of 203.0.113.1,2000 and source address of 192.0.2.1,80. Upon receipt of the IPv4 server packet, the NAT64 translates the IPv4 header into an IPv6 header, which includes 2001:db8::1,1500 as the source address, and sends the response to the client.
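
The exchange above can be modelled as a small stateful mapping table. The following is an added example, not F5 code or part of the original chapter: the class name Nat64Sketch and the sequential address/port allocation starting at port 2000 are assumptions chosen to reproduce the addresses in the example, and the reply is delivered to the mapped client following RFC 6146.

```python
import ipaddress

# RFC 6052 well-known prefix; the page's destination 64:ff9b::192.0.2.1 lies in it.
WKP = ipaddress.IPv6Network("64:ff9b::/96")


def embedded_ipv4(dst6):
    """Return the IPv4 address carried in the low 32 bits of a WKP address."""
    addr = ipaddress.IPv6Address(dst6)
    if addr not in WKP:
        raise ValueError(f"{addr} is not inside {WKP}")
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


class Nat64Sketch:
    """Hypothetical model of a stateful NAT64 mapping table (not F5 code)."""

    def __init__(self, pool_cidr, first_port):
        pool = ipaddress.IPv4Network(pool_cidr)
        # Assumption: hand out (address, port) pairs sequentially.
        self.free = ((a, p) for a in pool.hosts() for p in range(first_port, 65536))
        self.out = {}   # (proto, client IPv6, client port) -> (public IPv4, port)
        self.back = {}  # (proto, public IPv4, port) -> (client IPv6, client port)

    def outbound(self, proto, src6, sport, dst6, dport):
        """IPv6 -> IPv4: create or reuse a mapping, return the IPv4 4-tuple."""
        key = (proto, ipaddress.IPv6Address(src6), sport)
        if key not in self.out:
            pub = next(self.free)
            self.out[key] = pub
            self.back[(proto, *pub)] = key[1:]
        pub4, pport = self.out[key]
        return (str(pub4), pport, str(embedded_ipv4(dst6)), dport)

    def inbound(self, proto, src4, sport, dst4, dport):
        """IPv4 -> IPv6: translate a reply, or return None if no mapping exists."""
        entry = self.back.get((proto, ipaddress.IPv4Address(dst4), dport))
        if entry is None:
            return None  # unsolicited packet: nothing to translate to
        src6 = WKP[int(ipaddress.IPv4Address(src4))]
        return (str(src6), sport, str(entry[0]), entry[1])


if __name__ == "__main__":
    nat = Nat64Sketch("203.0.113.0/24", 2000)
    print(nat.outbound("tcp", "2001:db8::1", 1500, "64:ff9b::192.0.2.1", 80))
    print(nat.inbound("tcp", "192.0.2.1", 80, "203.0.113.1", 2000))
```

The reverse table is the same record an operator needs when attributing a public IPv4 address and port back to an IPv6 subscriber; an IPv4 packet with no entry in it is not translated.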

Creating a NAT64 LSN pool

The CGNAT module must be enabled through System > Resource Provisioning before you can configure LSN pools.
Large Scale NAT (LSN) pools are used by the CGNAT module to allow efficient configuration of translation prefixes and parameters.
  1. On the Main tab, click Carrier Grade NAT > LSN Pools.
    The LSN Pool List screen opens.
  2. Click Create.
  3. In the Name field, type a unique name.
  4. Select NAPT or PBA for the pool's translation Mode.
  5. For the Member List setting, in the Address/Prefix Length field, type an IPv4 address and a prefix length and click Add.
    In a NAT64 implementation, an example of an IPv4 member address and prefix is 203.0.113.0/24.
  6. Click Finished.
Your LSN pool is now ready, and you can continue to configure your CGNAT.

Creating a NAT64 virtual server for an LSN pool

Virtual servers are matched based on source (client) addresses. Define a NAT64 virtual server that references the CGNAT profile and the LSN pool.
  1. On the Main tab, click Carrier Grade NAT > Virtual Servers.
    The Virtual Server List screen opens.
  2. Click Create.
    The New Virtual Server screen opens.
  3. In the Name field, type a unique name for the virtual server.
  4. From the Type list, select Performance (Layer 4).
  5. In the Destination Address/Mask field, type the IPv6 address in CIDR format.
    The supported format is address/prefix, where the prefix length is in bits. For example, an IPv6 address/prefix is 64:ff9b::/64 or 2001:ed8:77b5:2::/64.
  6. In the Service Port field, type * or select * All Ports from the list.
  7. From the Configuration list, select Advanced.
  8. From the Protocol list, select * All Protocols.
  9. For the LSN Pool setting, select the pool that this server will draw on for translation addresses.
  10. For the Address Translation setting, select the Enabled check box to enable address translation.
  11. For the Port Translation setting, clear the Enabled check box.
  12. For the NAT64 setting, select the Enabled check box.
  13. In the Resources area of the screen, for the iRules setting, select the name of the iRule that you want to assign and, using the Move button, move the name from the Available list to the Enabled list.
  14. Click Finished.
The custom CGNAT NAT64 virtual server now appears in the CGNAT Virtual Servers list.

Configuring an ALG profile

An ALG profile provides the CGNAT module with protocol and service information to make specified packet modifications to the IP and TCP/UDP headers, as well as the payload during translation.
Edit only copies of the included ALG profiles to avoid unwanted propagation of settings to other profiles that use the included profiles as parents.
  1. On the Main tab, click Carrier Grade NAT > ALG Profiles.
  2. In the ALG Profiles menu, click an ALG profile.
  3. Click Create.
    The New Profile screen opens.
  4. Type a name for the new profile.
  5. From the Parent Profile list, ensure that the correct parent profile is selected as the new profile.
  6. Select the Custom check box on the right.
  7. Configure the profile settings.
  8. Click Finished to save the new ALG profile.
You now have an ALG profile for use by CGNAT.

Configuring a CGNAT iRule

You create iRules to automate traffic forwarding for XML content-based routing. When a match occurs, an iRule event is triggered, and the iRule directs the individual request to an LSN pool, a node, or virtual server.
  1. On the Main tab, click Carrier Grade NAT > iRules.
    The iRule List screen opens.
  2. Click Create.
  3. In the Name field, type a 1 to 31 character name, such as cgn_https_redirect_iRule.
  4. In the Definition field, type the syntax for the iRule using Tool Command Language (Tcl) syntax.
    For complete and detailed information about iRules syntax, see the F5 Networks DevCentral web site (http://devcentral.f5.com).
  5. Click Finished.
You now have an iRule to use with a CGNAT virtual server.