Related Documentation
Configuring Dynamic Source Address and Static Destination Address Translation (IPv6 to IPV4)
Stateful NAT64 is a mechanism used to move to an IPv6 network and at the same time deal with IPv4 address depletion. By allowing IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP, several IPv6-only clients can share the same public IPv4 server address. To allow sharing of the IPv4 server address, stateful NAT64 translates incoming IPv6 packets into IPv4, and vice versa.
To configure stateful NAT64, you must configure a rule at the [edit services nat] hierarchy level for translating the source address dynamically and the destination address statically.
 | Best Practice: When you configure the service set that includes your NAT rule, include the set stateful-nat64 clear-dont-fragment-bit at the [edit services service-set service-set-name] hierarchy level.This clears the DF (don't fragment) bit in order to prevent unnecessary creation of an IPv6 fragmentation header when translating IPv4 packets that are less than 1280 bytes. RFC 6145, IP/ICMP Translation Algorithm, provides a full discussion of the use of the DF flag to control generation of fragmentation headers. For more information on service sets for NAT, see Configuring NAT Service Sets. |
To configure stateful NAT64:
- In configuration mode, go to the [edit services nat] hierarchy level.[edit]user@host# edit services nat
- Define the pool of source addresses to be used for dynamic
translation.[edit services nat]user@host# set pool pool name address source addressesuser@host# set pool pool name port source ports
For example:
[edit services nat]user@host# set pool src-pool-nat64 address 203.0.113.0/24user@host# set pool src-pool-nat64 port automatic - Define a NAT rule for translating the source addresses.
Set the match-direction statement of the rule as input. Then define a term that uses stateful-nat64 as the translation
type for translating the addresses of the pool defined in the previous
step.[edit services nat]user@host# set rule rule name match-direction inputuser@host# set rule rule name term term name from source-address source addressuser@host# set rule rule name term term name from destination-address destination addressuser@host# set rule rule name term term name then translated source-pool pool nameuser@host# set rule rule name term term name then translated destination-prefix destination prefixuser@host# set rule rule name term term name then translated translation-type stateful-nat64
For example:
[edit services nat]user@host# set rule stateful-nat64 match-direction inputuser@host# set rule stateful-nat64 term t1 from source-address 2001:DB8::0/96user@host# set rule stateful-nat64 term t1 from destination-address 64:FF9B::/96user@host# set rule stateful-nat64 term t1 then translated source-pool src-pool-nat64user@host# set rule stateful-nat64 term t1 then translated destination-prefix 64:FF9B::/96user@host# set rule stateful-nat64 term t1 then translated translation-type stateful-nat64
