74 lines
2.6 KiB
Markdown
74 lines
2.6 KiB
Markdown
---
|
|
title: How I set up NAT64
|
|
description: Working towards single-stack inside AS54041
|
|
date: 2023-06-16
|
|
tags: networking
|
|
draft: true
|
|
extra:
|
|
auto_center_images: true
|
|
excerpt: Information on how I set up NAT64 inside AS54041
|
|
uses:
|
|
- mermaid
|
|
aliases:
|
|
- /blog/nat64
|
|
---
|
|
|
|
Somewhere along the way of setting up AS54041 over the past few years I stumbled across a reference to [NAT64](https://en.wikipedia.org/wiki/NAT64).
|
|
|
|
As with most things IPv6 related, Google searches surface a bunch of hand-wave-y information about possible implementations, but not much in the way of useful tutorials for anyone wanting to try it out themselves (without expensive enterprise routers that is).
|
|
|
|
## A quick overview of NAT64
|
|
|
|
Firstly, traditional NAT (technically NAT44) refers to the process of mapping one IPv4 address range to another.
|
|
|
|
For example, residential networks generally NAT something like `192.168.1.0/24` to a single public IPv4 address. Every time an internal host wants to send a packet out to the other side of the NAT, a temporary port is allocated on the public address, the router keeps track of this mapping, and the packet is masqueraded from the public address.
|
|
|
|
<div class="mermaid">
|
|
graph RL
|
|
subgraph Private IPv4 Address Space
|
|
Host[Internal Host] --> Router
|
|
Router --> Host
|
|
end
|
|
subgraph Public IPv4 Address Space
|
|
Router --> Server[Remote Server]
|
|
Server --> Router
|
|
end
|
|
</div>
|
|
|
|
Now, if you are familiar with NAT44 (aka, NAT), NAT64 shouldn't be a crazy leap:
|
|
|
|
<div class="mermaid">
|
|
graph RL
|
|
subgraph Private IPv6 Address Space
|
|
Host[Internal Host] --> Router
|
|
Router --> Host
|
|
end
|
|
subgraph Public IPv4 Address Space
|
|
Router --> Server[Remote Server]
|
|
Server --> Router
|
|
end
|
|
</div>
|
|
|
|
Doesn't look like anything changed? Well, that's because the only difference is that the private network is IPv**6** instead of 4.
|
|
|
|
Building on this idea of cross-protocol NAT, the next logical progression (and only way I've ever seen this implemented in practice) is to NAT between the *whole IPv6 Internet* and the *whole IPv4 Internet*. Like this:
|
|
|
|
<div class="mermaid">
|
|
graph LR
|
|
Internet6((IPv6 Internet)) --> Router --> Internet4((IPv4 Internet))
|
|
Internet4 --> Router --> Internet6
|
|
</div>
|
|
|
|
I'm pretty sure NAT64 was originally intended to be used in an Anycast configuration, but I've yet to learn of anybody doing this in practice.
|
|
|
|
<div class="mermaid">
|
|
graph LR
|
|
Internet6((IPv6 Internet)) <--> R1[Router 1] <--> Internet4((IPv4 Internet))
|
|
Internet6 <--> R2[Router 2] <--> Internet4
|
|
Internet6 <--> R3[Router 3] <--> Internet4
|
|
</div>
|
|
|
|
## How I set up NAT64 on a Debian-based router
|
|
|
|
## Final Remarks
|