Manual Chapter : Using NAT64 to Map IPv6 Addresses to IPv4 Destinations
Applies To:
- 14.1.0, 14.0.0
Using NAT64 to Map IPv6 Addresses to IPv4 Destinations
For the BIG-IP system CGNAT module, NAT64 is the NAT type that maps IPv6 subscriber private addresses to IPv4 Internet public addresses. NAT64 translates subscriber IPv6 addresses to public Internet IPv4 addresses and allows Internet traffic from an IPv6 client to reach a public IPv4 server. The CGNAT module processes NAT64 traffic, as defined in RFC 6146 for TCP and UDP addresses.
This NAT64 example shows the BIG-IP® system CGNAT module mapping of IPv6 subscriber private addresses to IPv4 Internet public addresses.
In this example, an IPv6 client initiates a request to the IPv4 server, using a source address of 2001:db8::1,1500 and a destination address of 64:ff9b::192.0.2.1,80. The NAT64 on the BIG-IP® system selects an available port for the IPv4 address 203.0.113.1,2000, and creates a mapping entry from 203.0.113.1,2000. The NAT64 translates the IPv6 header into an IPv4 header, including 203.0.113.1,2000 as the source address and 192.0.2.1,80 as the destination address, and sends the translated packet to the IPv4 server.
The IPv4 server responds with a server packet, which includes a destination address of 203.0.113.1,2000 and source address of 192.0.2.1,80. Upon receipt of the IPv4 server packet, the NAT64 translates the IPv4 header into an IPv6 header, which includes 2001:db8::1,1500 as the source address, and sends the response to the client.
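The translation steps in this walkthrough can be modelled in a few lines. The following Python sketch is an added example, not BIG-IP code: it extracts the IPv4 destination embedded behind the 64:ff9b::/96 prefix, keeps a binding table between IPv6 and IPv4 endpoints, and drops inbound IPv4 packets that match no binding. The class name Nat64, the sequential port allocator, and the starting port of 2000 are assumptions chosen so that the output matches the addresses used above.

```python
import ipaddress

NAT64_PREFIX = ipaddress.ip_network("64:ff9b::/96")  # prefix of the walkthrough's destination
LSN_POOL = ipaddress.ip_network("203.0.113.0/24")    # example LSN pool member from this page

class Nat64:
    """Simplified stateful NAT64: one binding per IPv6 source (address, port)."""

    def __init__(self, prefix=NAT64_PREFIX, pool=LSN_POOL, first_port=2000):
        self.prefix, self.pool, self.first_port = prefix, pool, first_port
        self.out = {}    # (IPv6 address, port) -> (IPv4 address, port)
        self.back = {}   # (IPv4 address, port) -> (IPv6 address, port)

    def embedded_v4(self, dst6):
        """Extract the IPv4 address carried in the low 32 bits behind the /96 prefix."""
        addr = ipaddress.IPv6Address(dst6)
        if addr not in self.prefix:
            raise ValueError(f"{dst6} is outside {self.prefix}")
        return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)

    def _allocate(self):
        # Constructed policy: first free port on the first pool address that has one.
        for host in self.pool.hosts():
            for port in range(self.first_port, 65536):
                if (host, port) not in self.back:
                    return host, port
        raise RuntimeError("LSN pool exhausted")

    def outbound(self, src6, sport, dst6, dport):
        """IPv6 -> IPv4: returns (src4, sport4, dst4, dport), creating a binding if needed."""
        dst4 = self.embedded_v4(dst6)
        key = (ipaddress.IPv6Address(src6), sport)
        if key not in self.out:
            self.out[key] = self._allocate()
            self.back[self.out[key]] = key
        src4, sport4 = self.out[key]
        return str(src4), sport4, str(dst4), dport

    def inbound(self, src4, sport, dst4, dport):
        """IPv4 -> IPv6: returns (src6, sport, dst6, dport6), or None when no binding exists."""
        key = (ipaddress.IPv4Address(dst4), dport)
        if key not in self.back:
            return None  # unsolicited packet: nothing to translate it to, so it is dropped
        dst6, dport6 = self.back[key]
        src6 = ipaddress.IPv6Address(int(self.prefix.network_address) | int(ipaddress.IPv4Address(src4)))
        return str(src6), sport, str(dst6), dport6

if __name__ == "__main__":
    nat = Nat64()
    print(nat.outbound("2001:db8::1", 1500, "64:ff9b::192.0.2.1", 80))
    print(nat.inbound("192.0.2.1", 80, "203.0.113.1", 2000))
    print(nat.inbound("192.0.2.1", 80, "203.0.113.1", 2001))  # None: no binding
```

The binding table is also the record that ties a public IPv4 address and port back to a subscriber, which is why an inbound packet without a matching entry has no IPv6 destination and is discarded.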
Creating a NAT64 LSN pool
The CGNAT module must be enabled before you can configure LSN pools.
Large Scale NAT (LSN) pools are used by the CGNAT module to allow efficient configuration of translation prefixes and parameters.
- On the Main tab, click. The LSN Pool List screen opens.
- In the Name field, type a unique name.
- Select NAPT or PBA for the pool's translation Mode.
- For the Member List setting, in the Address/Prefix Length field, type an IPv4 address and a prefix length and click Add. In a NAT64 implementation, an example of an IPv4 member address and prefix is 203.0.113.0/24.
Your LSN pool is now ready, and you can continue to configure your CGNAT.
Creating a NAT64 virtual server for an LSN pool
Virtual servers are matched based on source (client) addresses. Define a NAT64 virtual server that references the CGNAT profile and the LSN pool.
- On the Main tab, click. The Virtual Server List screen opens.
- Click Create. The New Virtual Server screen opens.
- In the Name field, type a unique name for the virtual server.
- From the Type list, select Performance (Layer 4).
- In the Destination Address/Mask field, type the IPv6 address in CIDR format. The supported format is address/prefix, where the prefix length is in bits. For example, an IPv6 address/prefix is 64:ff9b::/64 or 2001:ed8:77b5:2::/64.
- In the Service Port field, type * or select * All Ports from the list.
- From the Configuration list, select Advanced.
- From the Protocol list, select * All Protocols.
- For the LSN Pool setting, select the pool that this server will draw on for translation addresses.
- For the Address Translation setting, select the Enabled check box to enable address translation.
- For the Port Translation setting, clear the Enabled check box.
- For the NAT64 setting, select the Enabled check box.
- In the Resources area of the screen, for the iRules setting, select the name of the iRule that you want to assign and, using the Move button, move the name from the Available list to the Enabled list.
The custom CGNAT NAT64 virtual server now appears in the CGNAT Virtual Servers list.
Configuring an ALG
An ALG profile provides the CGNAT module with protocol and service information to make specified packet modifications to the IP and TCP/UDP headers, as well as the payload during translation.
Edit only copies of the included ALG profiles to avoid unwanted propagation of settings to other profiles that use the included profiles as parents.
- On the Main tab, click.
- In the ALG Profiles menu, click an ALG profile.
- Click Create. The New Profile screen opens.
- Type a name for the new profile.
- From the Parent Profile list, ensure that the correct parent profile is selected as the new profile.
- Select the Custom check box on the right.
- Configure the profile settings.
- Click Finished to save the new ALG profile.
You now have an ALG profile for use by CGNAT.
Configuring a CGNAT
You create iRules to automate traffic forwarding for XML content-based routing. When a match occurs, an iRule event is triggered, and the iRule directs the individual request to an LSN pool, a node, or virtual server.
- On the Main tab, click. The iRule List screen opens.
- In the Name field, type a 1 to 31 character name, such as cgn_https_redirect_iRule.
- In the Definition field, type the syntax for the iRule using Tool Command Language (Tcl) syntax. For complete and detailed information about iRules syntax, see the F5 Networks DevCentral web site (http://devcentral.f5.com).
You now have an iRule to use with a CGNAT virtual server.