Manual Chapter: Using NAT64 to Map IPv6 Addresses to IPv4 Destinations
Applies To: BIG-IP LTM
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1
Overview: NAT64
For the BIG-IP system CGNAT module, NAT64 is the NAT type that maps IPv6
subscriber private addresses to IPv4 Internet public addresses. NAT64 translates subscriber IPv6
addresses to public Internet IPv4 addresses and allows Internet traffic from an IPv6 client to
reach a public IPv4 server. The CGNAT module processes NAT64 traffic, as defined in RFC 6146
for TCP and UDP addresses.

NAT64 example
This NAT64 example shows the BIG-IP system CGNAT module mapping of IPv6
subscriber private addresses to IPv4 Internet public addresses.

In this example, an IPv6 client initiates a request to the IPv4 server, using a source address
of 2001:db8::1,1500 and a destination address of 64:ff9b::192.0.2.1,80. The NAT64 on the BIG-IP
system selects an available port for the IPv4 address 203.0.113.1,2000, and creates a mapping
entry from 2001:db8::1,1500 to 203.0.113.1,2000. The NAT64 translates the IPv6 header into an
IPv4 header, including 203.0.113.1,2000 as the source address and 192.0.2.1,80 as the
destination address, and sends the translated packet to the IPv4 server.

The IPv4 server responds with a server packet, which includes a destination address of
203.0.113.1,2000 and source address of 192.0.2.1,80. Upon receipt of the IPv4 server packet,
the NAT64 translates the IPv4 header into an IPv6 header, which includes 2001:db8::1,1500 as
the source address, and sends the response to the client.

Creating a NAT64 LSN pool
The CGNAT module must be enabled through
before you can configure LSN pools.

Large Scale NAT (LSN) pools are used by the CGNAT module to allow efficient
configuration of translation prefixes and parameters.
- On the Main tab, click. The LSN Pool List screen opens.
- Click Create.
- In the Name field, type a unique name.
- Select NAPT or PBA for the pool's translation Mode.
- For the Member List setting, in the Address/Prefix Length field, type an IPv4 address and a prefix length and click Add. In a NAT64 implementation, an example of an IPv4 member address and prefix is 203.0.113.0/24.
- Click Finished.
Your LSN pool is now ready, and you can continue to configure your CGNAT.
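
The translation walked through in the NAT64 example, drawing on a pool member such as 203.0.113.0/24, can be modeled as a small binding table. This is an added illustration, not BIG-IP code: the class and function names, the sequential port choice starting at 2000, and the use of the RFC 6052 well-known prefix 64:ff9b::/96 to locate the embedded IPv4 address are assumptions.

```python
import ipaddress

# RFC 6052 well-known prefix: the IPv4 address sits in the low 32 bits.
WKP = ipaddress.ip_network("64:ff9b::/96")

class Nat64:
    """Toy stateful NAT64 binding table (added example, not BIG-IP code)."""

    def __init__(self, pool_cidr, first_port=2000):
        # Assumption: use the pool's first host address and hand out
        # ports sequentially from first_port.
        self.public_ip = next(iter(ipaddress.ip_network(pool_cidr).hosts()))
        self.next_port = first_port
        self.out = {}   # (client IPv6, port) -> (public IPv4, port)
        self.back = {}  # (public IPv4, port) -> (client IPv6, port)

    def outbound(self, src6, sport, dst6, dport):
        """IPv6 client packet -> IPv4 (source, destination) endpoints."""
        dst = ipaddress.IPv6Address(dst6)
        if dst not in WKP:
            raise ValueError(f"{dst6} is outside {WKP}")
        key = (ipaddress.IPv6Address(src6), sport)
        if key not in self.out:  # first packet of a flow: create mapping
            if self.next_port > 65535:
                raise RuntimeError("no free ports on the pool address")
            pub = (self.public_ip, self.next_port)
            self.next_port += 1
            self.out[key], self.back[pub] = pub, key
        pub_ip, pub_port = self.out[key]
        dst4 = ipaddress.IPv4Address(int(dst) & 0xFFFFFFFF)
        return (str(pub_ip), pub_port), (str(dst4), dport)

    def inbound(self, src4, sport, dst4, dport):
        """IPv4 server reply -> IPv6 (source, destination), or None."""
        pub = (ipaddress.IPv4Address(dst4), dport)
        if pub not in self.back:  # no mapping entry: unsolicited, drop
            return None
        client, cport = self.back[pub]
        server6 = ipaddress.IPv6Address(
            int(WKP.network_address) | int(ipaddress.IPv4Address(src4)))
        return (str(server6), sport), (str(client), cport)

def demo():
    nat = Nat64("203.0.113.0/24")  # pool member from this page
    sent = nat.outbound("2001:db8::1", 1500, "64:ff9b::192.0.2.1", 80)
    reply = nat.inbound("192.0.2.1", 80, "203.0.113.1", 2000)
    stray = nat.inbound("192.0.2.1", 80, "203.0.113.1", 2001)
    return sent, reply, stray
```

In this model, an IPv4 packet addressed to a public address and port with no mapping entry returns None, so only flows that an IPv6 client opened are translated back.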
Creating a NAT64 virtual server for an LSN pool
Virtual servers are matched based on source (client) addresses. Define a NAT64
virtual server that references the CGNAT profile and the LSN pool.
- On the Main tab, click. The Virtual Server List screen opens.
- Click Create. The New Virtual Server screen opens.
- In the Name field, type a unique name for the virtual server.
- From the Type list, select Performance (Layer 4).
- In the Destination Address/Mask field, type the IPv6 address in CIDR format. The supported format is address/prefix, where the prefix length is in bits. For example, an IPv6 address/prefix is 64:ff9b::/64 or 2001:ed8:77b5:2::/64.
- In the Service Port field, type * or select * All Ports from the list.
- From the Configuration list, select Advanced.
- From the Protocol list, select * All Protocols.
- For the LSN Pool setting, select the pool that this server will draw on for translation addresses.
- For the Address Translation setting, select the Enabled check box to enable address translation.
- For the Port Translation setting, clear the Enabled check box.
- For the NAT64 setting, select the Enabled check box.
- In the Resources area of the screen, for the iRules setting, select the name of the iRule that you want to assign and, using the Move button, move the name from the Available list to the Enabled list.
- Click Finished.
The custom CGNAT NAT64 virtual server now appears in the CGNAT Virtual Servers
list.
Configuring an ALG profile
An ALG profile provides the CGNAT module with
protocol and service information to make specified packet modifications to the IP and
TCP/UDP headers, as well as the payload during translation.

Edit only copies of the included ALG profiles to avoid unwanted propagation of settings to
other profiles that use the included profiles as parents.
- On the Main tab, click.
- In the ALG Profiles menu, click an ALG profile.
- Click Create. The New Profile screen opens.
- Type a name for the new profile.
- From the Parent Profile list, ensure that the correct parent profile is selected as the new profile.
- Select the Custom check box on the right.
- Configure the profile settings.
- Click Finished to save the new ALG profile.
You now have an ALG profile for use by CGNAT.
Configuring a CGNAT iRule
You create iRules to automate traffic forwarding
for XML content-based routing. When a match occurs, an iRule event is triggered, and the
iRule directs the individual request to an LSN pool, a node, or virtual server.
- On the Main tab, click. The iRule List screen opens.
- Click Create.
- In the Name field, type a 1 to 31 character name, such as cgn_https_redirect_iRule.
- In the Definition field, type the syntax for the iRule using Tool Command Language (Tcl) syntax. For complete and detailed information about iRules syntax, see the F5 Networks DevCentral web site (http://devcentral.f5.com).
- Click Finished.
You now have an iRule to use with a CGNAT virtual server.