NAT64: Connecting IPv6 Clients to IPv4 Servers

Learn how NAT64 connects IPv6 clients to IPv4 servers.
Where Can I Use This?
  • Prisma SD-WAN

What Do I Need?
  • Prisma SD-WAN license

Purpose

The primary purpose of NAT64 with DNS64 is to enable an IPv6-only client to communicate with an IPv4-only server. It bridges the gap between the two distinct IP protocols by translating addresses and facilitating DNS resolution.

Mechanism

The process relies on two key components: a DNS64 server and a NAT64 gateway.
  • The IPv6 client sends a DNS query for a domain name to the DNS64 server.
  • The DNS64 server discovers that the destination server only has an IPv4 address (an A record).
  • It then synthesizes an IPv6 address (a AAAA record) by embedding the server's IPv4 address into a well-known IPv6 prefix, such as 64:ff9b::/96, and sends this back to the client.
  • The IPv6 client sends its traffic to this synthesized IPv6 destination address.
  • The NAT64 gateway receives this packet, removes the special prefix to recover the original IPv4 destination address, and translates the client's source IPv6 address to an IPv4 address from its NAT pool.
  • The gateway then forwards the translated IPv4 packet to the IPv4 server.

Example Workflow

  • An IPv6 Client (2001:db8::1) wants to connect to www.natexample.com, which is an IPv4-only server at 203.0.113.10.
  • The client queries the DNS64 server, which synthesizes and returns the AAAA record 64:ff9b::cb00:710a.
  • The client sends an IPv6 packet with Source: 2001:db8::1 and Destination: 64:ff9b::cb00:710a.
  • The Prisma SD-WAN device performs an initial translation, changing the source address to its WAN IP: 2001:db8:2001::1.
  • The NAT64 gateway receives this packet. It removes the 64:ff9b::/96 prefix to get the destination 203.0.113.10 and translates the source address to 192.0.10.10 from its NAT pool.
  • The final IPv4 packet (Source: 192.0.10.10, Destination: 203.0.113.10) is sent to the application server.
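
The address arithmetic behind the workflow above, as an added example (not Prisma SD-WAN code): it synthesizes the AAAA record for 203.0.113.10, then recovers the IPv4 destination the way the NAT64 gateway does, rejecting destinations outside the prefix or embedding non-global IPv4 addresses. Assumptions: the function names and the `NON_GLOBAL` list are constructed for illustration, and only address mapping is modelled, not ports or session state.

```python
import ipaddress

# Well-known NAT64 prefix named on the page.
WKP = ipaddress.ip_network("64:ff9b::/96")

# Constructed subset of non-global IPv4 ranges; RFC 6052 forbids embedding
# non-global addresses in the well-known prefix.
NON_GLOBAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def synthesize_aaaa(ipv4, prefix=WKP):
    """DNS64 side: embed the A record's address in the low 32 bits."""
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))

def extract_ipv4(ipv6, prefix=WKP):
    """NAT64 side: strip the /96 prefix and recover the IPv4 destination."""
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in prefix:
        raise ValueError(f"{v6} is not inside {prefix}")
    v4 = ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)
    if any(v4 in net for net in NON_GLOBAL):
        raise ValueError(f"{v6} embeds non-global address {v4}")
    return v4

def nat64_translate(src6, dst6, pool_addr):
    """Return the (source, destination) of the translated IPv4 packet.
    Address mapping only: a real gateway also tracks ports and sessions."""
    ipaddress.IPv6Address(src6)  # validate the client-side source
    return ipaddress.IPv4Address(pool_addr), extract_ipv4(dst6)

if __name__ == "__main__":
    aaaa = synthesize_aaaa("203.0.113.10")
    print("synthesized AAAA:", aaaa)
    src4, dst4 = nat64_translate("2001:db8:2001::1", str(aaaa), "192.0.10.10")
    print(f"IPv4 packet: Source: {src4}, Destination: {dst4}")
    for bad in ("64:ff9b::a00:1", "2001:db8::1"):  # constructed inputs
        try:
            extract_ipv4(bad)
        except ValueError as err:
            print("rejected:", err)
```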