With DNS64, as defined in RFC 6147, when an IPv6 AAAA resource record (RR) is not available, DNS64 enables the DNS server to synthesize an AAAA record from an IPv4 A record. It allows an IPv6-only client to initiate communications by name to an IPv4-only server. The IPv6 address is generated based on the IPv4 address returned from the A record, an IPv6 prefix, and other parameters.

There are two options for the IPv6 prefix:

  • A well-known prefix (WKP) of 64:FF9B::/96 is reserved for representing IPv4 addresses in IPv6 space.
  • A network-specific prefix (NSP) is assigned by an organization for representing IPv4 addresses in IPv6 space.

DNS64 is used with NAT64 to provide network translation.

NAT64

NAT64 is specified by RFC 7915 for stateless operation and by RFC 6146 for stateful operation. Unlike NAT-PT, NAT64 separates DNS functions from its mechanism. NAT64 is the preferred solution that allows IPv6-only hosts to communicate with public sites that are only in the IPv4 DNS database.

Stateless NAT64

In NAT64 stateless translation, an IPv4 address is directly embedded into an IPv6 address. A limitation of stateless NAT64 translation is that it directly translates only the IPv4 options that have direct IPv6 counterparts, and it does not translate any IPv6 extension headers beyond the fragmentation extension header; however, these limitations are not significant in practice.

With stateless NAT64, a specific IPv6 address range represents IPv4 systems in the IPv6 domain. This range needs to be manually configured on the translation device. The IPv6 hosts are assigned specific IPv6 addresses using manual configuration or DHCPv6. Similar to dual-stack deployments, stateless NAT64 consumes an IPv4 address for each IPv6-only device that desires translation.

Stateful NAT64

Stateful NAT64 multiplexes many IPv6 addresses into a single IPv4 address. The state is created in the NAT64 device for every flow, and only IPv6-initiated flows are supported. There is no binding between an IPv6 address and an IPv4 address, as there is in stateless NAT64.

If an IPv4-only device wants to speak to an IPv6-only server, manual configuration of the translation is required, making this mechanism less attractive for providing IPv6 services toward the IPv4 Internet.

DNS64 is usually also necessary with stateful NAT64, and it works the same with both stateless and stateful NAT64.

Figure 2-13 shows an example of communications between an IPv6 client and an IPv4 server using DNS64 and stateful NAT64. This process involves the following steps:

Figure 2-13 DNS64 and Stateful NAT64 Operation

Step 1. The IPv6 client performs an AAAA record DNS lookup for www.ENSLD.com.

Step 2. The DNS64 server receives the DNS AAAA query.

Step 3. DNS64 sends the AAAA query to the DNS AAAA authoritative server for the domain. Because this server has only an A record, an empty AAAA response is returned.

Step 4. On receiving an empty answer, the DNS64 server sends an A query to the IPv4 DNS A authoritative server.

Step 5. DNS64 receives a DNA A record for www.ENSLD.com.

Step 6. DNS64 synthesizes the AAAA record with the predetermined well-known prefix or the network-specific prefix and returns the AAAA record to the IPv6 client.

Step 7. The IPv6 client connects to www.ENSLD.com using the AAAA DNS response.

Step 8. The NAT64 router receives the IPv6 packet. If the destination address matches the stateful NAT64 prefix, the IPv6 packet undergoes translation:

  1. The IPv6 header is translated to an IPv4 header.
  2. The IPv6 destination address is translated into an IPv4 address by removing the NAT64 prefix.
  3. The IPv6 source address is translated into an IPv4 address from an address pool.
  4. Stateful NAT64 IP address translation states are created for both source and destination addresses.

Step 9. The translated IPv4 packet is forwarded to the server.

Step 10. The www.ENSLD.com server replies to the NAT64 router.

Step 11. The NAT64 router receives the IPv4 packet and performs the following steps:

  1. The router checks that NAT64 translation states exist.
  2. If a translation state does not exist, the router discards the IPv4 packet.
  3. If the translation state exists, then the IPv4 header is translated into an IPv6 header, the IPv4 source address is translated into an IPv6 source address by adding the IPv6 stateful NAT prefix, and the IPv4 destination address is translated into an IPv6 address by using the NAT64 translation state.

Step 12. IPv6 packets are forwarded back to the IPv6 client.

Table 2-12 provides a comparison of stateless and stateful NAT64.

Table 2-12 NAT64 Stateless and Stateful NAT64 Comparison

Cisco 300-420 Exams Exams of Cisco 300-420 Whole IPv4 Address Linked to IPv6

Leave a Reply

Your email address will not be published. Required fields are marked *