CCIE must know: NAT64 protocol overview
NAT (Network Address Translation) was proposed in 1994 and is defined in RFC 1631. It is used when hosts inside a private network have been assigned local IP addresses but need to communicate with hosts on the Internet. The original purpose of NAT, like that of CIDR, was to slow the depletion of the available IP address space. It does this by using a small number of public IP addresses to represent a large number of private IP addresses. Over time, NAT also proved useful for applications such as network migration, network convergence, and server load sharing.
IPv4 was originally created in the 1970s, before the current Internet, the World Wide Web, always-on broadband services, and smartphones. When it was created, IPv4's 4.3 billion addresses were more than enough for the small experimental TCP/IP network they had to support, but the number of people connected to the Internet has now exceeded 3.2 billion, and a large number of other devices are connected as well. However large the IoT grows in the future, the current 4.3 billion addresses are far from meeting the demand. From a capacity perspective, we exhausted IPv4 addresses in the mid-1990s. We have only kept going by stretching the available IPv4 addresses, through many means, to serve an Internet of Things that far exceeds the capacity of the IPv4 address space.
So IPv6 is not necessary, but there are still many difficulties before transitioning to an IPv6 network.
- The Internet lacks centralized management and is an alliance of a large number of independently managed autonomous systems, so there is no way to force or coordinate everyone to switch from IPv4 to IPv6.
- Making a network fully support IPv6 requires a lot of financial resources, manpower and technology.
- IPv6 and IPv4 are not backward compatible. IPv6 originated in the 1990s, when its designers believed that operators would actively deploy it. Few people expected IPv6 deployment to face so many obstacles.
NAT64 is a stateful network address and protocol translation technology. It generally supports only connections initiated by users on the IPv6 side to access resources on the IPv4 side. However, NAT64 also supports manually configured static mappings that let hosts on the IPv4 network initiate connections to the IPv6 network.
Although most devices now support IPv6, there are still many older devices that only support IPv4. These devices need to be interconnected through an IPv6 network in some way. NAT64 can translate between IPv6 and IPv4 network addresses and protocols for TCP, UDP and ICMP.
Because IPv6 is not compatible with IPv4, a migration mechanism is required, such as dual stack, tunnel and conversion.
- Dual stack interface: The simplest way to maintain the coexistence of IPv4 and IPv6 is to configure both protocols on the interface. Which IP version is used depends on the version of the packets received from a device, or on the type of address DNS returns when the device's address is queried. Although dual stack is the preferred means of migrating from IPv4 to IPv6, it presumes that the migration is completed before the IPv4 addresses are exhausted.
- Tunnel: Tunnels also solve the coexistence problem. A tunnel allows devices or sites of one protocol version to traverse network segments of another protocol version (including the Internet), so that two IPv4 devices or sites can exchange IPv4 packets through an IPv6 network, and two IPv6 devices or sites can exchange IPv6 packets through an IPv4 network.
- Conversion: The conversion technology is to change the packet header of one protocol version to the packet header of another protocol version, thus solving the interoperability problem between IPv4 devices and IPv6 devices.
A simple NAT64 setup may be a gateway device with one interface connected to an IPv4 network and another connected to an IPv6 network. Traffic from the IPv6 network is routed through the gateway, which performs all necessary translations on the packets passing between the two networks. However, this translation is not symmetric: the IPv6 address space is much larger than the IPv4 address space, so one-to-one address mapping is not possible.
Generally speaking, NAT64 is designed to be used when an IPv6 host initiates communication. But there are some mechanisms that allow reverse scenarios, such as static address mapping.
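The asymmetry described above can be modelled with a small binding table. The following Python sketch is an added example, not code from any NAT64 implementation. It assumes the RFC 6052 well-known prefix 64:ff9b::/96 and documentation address ranges, uses hypothetical class and function names, and leaves out the session timers a real stateful translator keeps.

```python
import ipaddress

# Assumed values (not from the article): RFC 6052 well-known prefix, documentation
# address ranges, and hypothetical class/function names.
PREFIX = ipaddress.IPv6Network("64:ff9b::/96")

def synthesize(v4):
    """Embed an IPv4 address in the low 32 bits of the NAT64 /96 prefix."""
    return ipaddress.IPv6Address(int(PREFIX.network_address) | int(ipaddress.IPv4Address(v4)))

def extract(v6):
    """Recover the real IPv4 destination from a synthesized IPv6 address."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in PREFIX:
        raise ValueError("destination is outside the NAT64 prefix")
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)

class StatefulNat64:
    def __init__(self, pool_addr, first_port=1024):
        self.pool = ipaddress.IPv4Address(pool_addr)
        self.ports = iter(range(first_port, 65536))
        self.out = {}   # (proto, v6 addr, v6 port) -> (v4 addr, v4 port)
        self.back = {}  # (proto, v4 addr, v4 port) -> (v6 addr, v6 port)

    def add_static(self, proto, v6_addr, v6_port, v4_addr, v4_port):
        """Manual entry that lets an IPv4 host initiate toward an IPv6 host."""
        v6, v4 = ipaddress.IPv6Address(v6_addr), ipaddress.IPv4Address(v4_addr)
        self.out[(proto, v6, v6_port)] = (v4, v4_port)
        self.back[(proto, v4, v4_port)] = (v6, v6_port)

    def v6_to_v4(self, proto, src, sport, dst, dport):
        """IPv6-initiated packet: create or reuse a binding, then translate."""
        key = (proto, ipaddress.IPv6Address(src), sport)
        if key not in self.out:
            port = next(self.ports, None)
            if port is None:
                raise RuntimeError("IPv4 pool ports exhausted")
            self.out[key] = (self.pool, port)
            self.back[(proto, self.pool, port)] = key[1:]
        v4_src, v4_port = self.out[key]
        return (v4_src, v4_port, extract(dst), dport)

    def v4_to_v6(self, proto, src, sport, dst, dport):
        """IPv4-side packet: translated only when a binding already exists."""
        binding = self.back.get((proto, ipaddress.IPv4Address(dst), dport))
        if binding is None:
            return None  # no dynamic or static entry: packet is dropped
        return (synthesize(src), sport, binding[0], binding[1])
```

Many IPv6 sources share the single pool address and differ only by port, which is why a packet arriving from the IPv4 side is translatable only when a dynamic binding or a static entry already names its destination.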
Not every type of resource can be accessed with NAT64. Protocols that embed IPv4 literal addresses (such as SIP and SDP, FTP, WebSocket, Skype, MSN, etc.) cannot be supported. For SIP and FTP, application layer gateway (ALG) technology can solve the problem,
So far, NAT64 is not a good solution. The limitations of NAT64 identified so far are as follows:
- Without static address mapping entries, IPv4 devices are not allowed to initiate session requests to IPv6 devices;
- The software has limited support for NAT64;
- Like all other converters, it does not support IP multicast;
- Many applications are not supported.