In this lesson we’ll take a look how to configure NAT64 so that an IPv4 host can communicate with an IPv6 host. Here’s the topology I will use:
On the left side we have R1 where we use IPv4, on the right side we use R3 which only uses IPv6.
R2 in the middle will be configured for static NAT64 so that these two routers can communicate with each other.
NAT64 is a bit more complicated than “regular” NAT that you know from IPv4. When we use IPv4 NAT for internet connectivity then you only need to translate the source address, with NAT64 we have to translate everything.
When we send a packet from R1 to R3, what destination address will we use? R1 only understands IPv4 and R3 only understands IPv6.
To make this work, R1 needs to think it’s talking to an IPv4 address and R3 needs to think it’s talking with an IPv6 address. We’ll need some “mapping” between addresses and protocols on our NAT64 router.
Let’s take a look how it works…
I will configure everything from scratch, let’s start with the interfaces:
R1(config)#interface FastEthernet 0/0 R1(config-if)#ip address 192.168.12.1 255.255.255.0
R2(config)#interface FastEthernet 0/0 R2(config-if)#ip address 192.168.12.2 255.255.255.0 R2(config)#interface FastEthernet 1/0 R2(config-if)#ipv6 address 2001:DB8:2323:2323::2/64
R3(config)#interface FastEthernet 0/0 R3(config-if)#ipv6 address 2001:DB8:2323:2323::3/64
That’s all we need. R2 will require unicast routing or it won’t do any NAT64 at all:
R3 will require a default route to R2, you’ll see why when we configure NAT64:
R3(config)#ipv6 route ::/0 2001:DB8:2323:2323::2
Before we configure NAT64, let’s do a quick test to make sure R2 can reach both routers:
R2#ping 192.168.12.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/2 ms
R2#ping 2001:DB8:2323:2323::3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:DB8:2323:2323::3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/2 ms
So far so good, now we can enable NAT64. First we have to enable it on the interfaces:
R2(config)#interface FastEthernet 0/0 R2(config-if)#nat64 enable
R2(config)#interface FastEthernet 1/0 R2(config-if)#nat64 enable
Once you enable this you will see a syslog message that tells us that a virtual interface has been created:
%LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up
Now we can configure the actual translation rules. We will use a fake IPv4 address that R1 can use as its destination and a fake IPv6 address that R3 can use as its destination.
IANA has allocated prefix 64:FF9B::/96 for NAT64 translations. When R2 receives anything that starts with this prefix then it will be processed by NAT64. We can use this prefix or we can use another one, I’ll show you how to choose your own prefix:
R2(config)#nat64 prefix stateful 3001::/96
Now we can use prefix 3001::/96 for our translation.
Let’s configure the actual translation rule: