---
title: How I set up NAT64
description: Working towards single-stack inside AS54041
date: 2023-06-16
tags: networking
draft: true
extra:
  auto_center_images: true
  excerpt: Information on how I set up NAT64 inside AS54041
  uses:
  - mermaid
aliases:
- /blog/nat64
---

Somewhere along the way of setting up AS54041 over the past few years I stumbled across a reference to [NAT64](https://en.wikipedia.org/wiki/NAT64).

As with most things IPv6 related, Google searches surface a bunch of hand-wave-y information about possible implementations, but not much in the way of useful tutorials for anyone wanting to try it out themselves (without expensive enterprise routers that is).

## A quick overview of NAT64

Firstly, traditional NAT (technically NAT44) refers to the process of mapping one IPv4 address range to another.

For example, residential networks generally NAT something like `192.168.1.0/24` to a single public IPv4 address. Every time an internal host wants to send a packet out to the other side of the NAT, a temporary port is allocated on the public address, the router keeps track of this mapping, and the packet is masqueraded from the public address.

<div class="mermaid">
graph RL
  subgraph Private IPv4 Address Space
    Host[Internal Host] --> Router
    Router --> Host
  end
  subgraph Public IPv4 Address Space
    Router --> Server[Remote Server]
    Server --> Router
  end
</div>

Now, if you are familiar with NAT44 (aka, NAT), NAT64 shouldn't be a crazy leap:

<div class="mermaid">
graph RL
  subgraph Private IPv6 Address Space
    Host[Internal Host] --> Router
    Router --> Host
  end
  subgraph Public IPv4 Address Space
    Router --> Server[Remote Server]
    Server --> Router
  end
</div>

Doesn't look like anything changed? Well, that's because the only difference is that the private network is IPv**6** instead of 4.

Building on this idea of cross-protocol NAT, the next logical progression (and only way I've ever seen this implemented in practice) is to NAT between the *whole IPv6 Internet* and the *whole IPv4 Internet*. Like this:

<div class="mermaid">
graph LR
  Internet6((IPv6 Internet)) --> Router --> Internet4((IPv4 Internet))
  Internet4 --> Router --> Internet6
</div>

I'm pretty sure NAT64 was originally intended to be used in an Anycast configuration, but I've yet to learn of anybody doing this in practice.

<div class="mermaid">
graph LR
  Internet6((IPv6 Internet))  <--> R1[Router 1] <--> Internet4((IPv4 Internet))
  Internet6 <--> R2[Router 2] <--> Internet4
  Internet6 <--> R3[Router 3] <--> Internet4
</div>

## How I set up NAT64 on a Debian-based router

## Final Remarks