Tips & Tricks: NAT64

Created On 09/25/18 19:03 PM - Last Modified 02/07/19 23:50 PM


Resolution

In this week's Tips & Tricks, we'll take a closer look at how and why NAT would be used in an IPv6 environment and how it can be manipulated to make life a little easier. More and more technologies are adopting IPv6 while others are lagging.

 

While preparing for the inevitable move to IPv6, you may be considering starting off with a hybrid scenario where IPv4 hosts are still operating on their old IP address, possibly due to hardware restrictions or difficulties implementing IPv6 on the host, while all internet connectivity is already routed via an IPv6-enabled ISP or using an IPv6 WAN solution.

 

A NAT64-enabled gateway could be a good way to get started on preparing the environment to handle IPv6 while not moving everything over just yet.

 

NAT64 is a transition mechanism that facilitates communication between the two protocols by enabling the administrator to embed an IPv4 address into an IPv6 address. The firewall can be configured to create a mapping between both addresses.

 

[Figure: Network diagram showing IPv4 and IPv6 addresses]

Although DNS64 needs to be implemented in the network to transform IPv4 addresses into their IPv6 equivalent, the firewall can translate between the protocols.

 

Figuring out how to embed the IPv4 address into the IPv6 address may get a little tricky, as the IPv4 address, written in hex, needs to be appended after the IPv6 prefix.

 

The hex conversion for the IP 192.0.2.1 is 0xC0000201.

 

Hex for 192 is c0

Hex for 0 is 00

Hex for 2 is 02

Hex for 1 is 01

 

Per RFC 6052, several prefix lengths are possible:

 

| Network Specific Prefix | IPv4 Address | IPv6 Address |
|---|---|---|
| 2001:db8::/32 | 192.0.2.1 | 2001:db8:c000:201:: |
| 2001:db8:100::/40 | 192.0.2.1 | 2001:db8:1c0:2:01:: |
| 2001:db8:122::/48 | 192.0.2.1 | 2001:db8:122:c000:2:0100:: |
| 2001:db8:122:300::/56 | 192.0.2.1 | 2001:db8:122:3c0:0:201:: |
| 2001:db8:122:344::/64 | 192.0.2.1 | 2001:db8:122:344:c0:2:0100:: |
| 2001:db8:122:344::/96 | 192.0.2.1 | 2001:db8:122:344::c000:201 |

 

The IPv4 hex may need to move around a little, depending on the prefix length in the 128-bit space.
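The placement rule behind the prefix lengths listed in this article, as an added Python example (not part of the original article or of any firewall configuration). It follows the RFC 6052 layout, in which octet 8 of the address (bits 64-71) is reserved and stays zero, so the IPv4 octets are split around it for prefixes shorter than /96. The function names `embed` and `extract` are illustrative; `extract` is the reverse mapping, useful when correlating IPv6 log entries with the IPv4 servers behind the translator.

```python
import ipaddress

ALLOWED = (32, 40, 48, 56, 64, 96)   # prefix lengths permitted by RFC 6052


def _slots(prefixlen):
    """Byte offsets that carry the four IPv4 octets; octet 8 is always skipped."""
    if prefixlen not in ALLOWED:
        raise ValueError(f"prefix length must be one of {ALLOWED}")
    return [i for i in range(prefixlen // 8, 16) if i != 8][:4]


def embed(prefix, ipv4):
    """Return the IPv4-embedded IPv6 address for ipv4 inside prefix."""
    net = ipaddress.IPv6Network(prefix)      # rejects prefixes with host bits set
    out = bytearray(net.network_address.packed)
    if out[8] != 0:                          # only reachable with a /96 prefix
        raise ValueError("bits 64-71 of the prefix must be zero")
    v4 = ipaddress.IPv4Address(ipv4).packed
    for slot, octet in zip(_slots(net.prefixlen), v4):
        out[slot] = octet
    return ipaddress.IPv6Address(bytes(out))


def extract(prefix, ipv6):
    """Recover the IPv4 address from ipv6, refusing addresses outside prefix."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        raise ValueError(f"{addr} is not inside {net}")
    raw = addr.packed
    if raw[8] != 0:
        raise ValueError("bits 64-71 are not zero; not a valid embedded address")
    return ipaddress.IPv4Address(bytes(raw[i] for i in _slots(net.prefixlen)))


if __name__ == "__main__":
    # Documentation prefixes from the table in this article.
    for p in ("2001:db8::/32", "2001:db8:100::/40", "2001:db8:122::/48",
              "2001:db8:122:300::/56", "2001:db8:122:344::/64",
              "2001:db8:122:344::/96"):
        v6 = embed(p, "192.0.2.1")
        print(f"{p:24} {v6}  ->  {extract(p, v6)}")
```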

 

For more details, please take a look at these RFCs.

 

  • RFC 6144 – NAT64 Framework
  • RFC 6146 – Stateful NAT64 - Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers - Allows IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP
  • RFC 6145 – Header translation from IPv4 to IPv6 and vice versa
  • RFC 6147 – DNS64 - DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers - DNS64 is a mechanism for synthesizing AAAA records from A records
  • RFC 6052 – IPv4-Embedded IPv6 Address Prefix and Format

