IPv6 and Beyond: How NAT64 and DNS64 Enable Interoperability with Legacy IPv4 Systems

Amit Kumar
Oct 16, 2024

In our previous blogs, we covered the fundamentals of IPv6 and key concepts like dual-stack configurations and transition mechanisms. As IPv6 adoption grows, ensuring smooth communication between IPv6 clients and legacy IPv4 systems remains crucial. This is where NAT64, DNS64, and IP synthesization come in.

These technologies act as essential bridges, enabling IPv6-only clients to interact with IPv4 servers seamlessly. In this blog, we’ll break down how these tools work together to facilitate cross-protocol communication, highlighting their importance in the evolving internet landscape. Let’s explore how they help bridge the gap while supporting future network infrastructure.

Understanding NAT64 and DNS64

NAT64

NAT64 is a critical technology that enables IPv6-only clients to communicate with IPv4-only servers. As IPv4 addresses continue to deplete and IPv6 adoption rises, NAT64 helps maintain accessibility to legacy IPv4 services, providing a crucial bridge during the ongoing transition to an IPv6-dominant internet.

Working:

  1. Initiating the Request: When an IPv6-only client wants to connect to an IPv4 server, the request is directed to a NAT64 gateway. The client uses an IPv6 address (often synthesized by DNS64) to represent the IPv4 server.
  2. Packet Translation: The NAT64 gateway translates the IPv6 packet into an IPv4 packet. This involves stripping the IPv6 header and generating an IPv4 header. NAT64 translates the source address from IPv6 to an appropriate IPv4 address and modifies protocol-specific information, such as checksum and port numbers, to conform to IPv4 standards.
  3. Forwarding to IPv4 Server: Once translated, the packet is routed to the IPv4 server. The server processes this as a standard IPv4 request, unaware of the original IPv6 source.
  4. Response Translation: When the IPv4 server responds, the NAT64 gateway reverses the process, translating the IPv4 response packet back into an IPv6 format and sending it to the original IPv6 client.
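
The four steps above, modelled as an added example (not code from the original post): a toy stateful NAT64 binding table. It assumes a single IPv4 pool address, the 64:ff9b::/96 prefix and bindings that never expire; Nat64Gateway, its methods and all addresses are constructed for illustration.

```python
import ipaddress

WKP = ipaddress.IPv6Network("64:ff9b::/96")  # well-known prefix named on this page

class Nat64Gateway:
    """Toy stateful NAT64: one IPv4 pool address, TCP/UDP ports only (assumed model)."""

    def __init__(self, pool_v4, first_port=1024):
        self.pool_v4 = ipaddress.IPv4Address(pool_v4)
        self.next_port = first_port
        self.out = {}   # (client_v6, client_port) -> mapped IPv4 port
        self.back = {}  # mapped IPv4 port -> (client_v6, client_port)

    def outbound(self, src6, sport, dst6, dport):
        """Steps 1-3: IPv6 packet in, IPv4 (src, sport, dst, dport) out."""
        src6, dst6 = ipaddress.IPv6Address(src6), ipaddress.IPv6Address(dst6)
        if dst6 not in WKP:
            raise ValueError("destination is not inside the NAT64 prefix")
        dst4 = ipaddress.IPv4Address(int(dst6) & 0xFFFFFFFF)  # low 32 bits of a /96
        key = (src6, sport)
        if key not in self.out:          # create the binding on the first packet
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.pool_v4, self.out[key], dst4, dport)

    def inbound(self, src4, sport, dport):
        """Step 4: IPv4 reply in, IPv6 (src, sport, dst, dport) out, or None if unbound."""
        if dport not in self.back:
            return None                  # no binding: unsolicited traffic is dropped
        client6, client_port = self.back[dport]
        src6 = ipaddress.IPv6Address(
            int(WKP.network_address) | int(ipaddress.IPv4Address(src4)))
        return (src6, sport, client6, client_port)

    def attribute(self, mapped_port):
        """Which IPv6 client used this IPv4 port? The server only ever saw pool_v4."""
        return self.back.get(mapped_port)
```

Because the IPv4 server logs only the pool address and mapped port, the gateway's binding records are what tie an IPv4-side log entry back to an IPv6 client.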

Benefits:

  • Seamless IPv4 Access for IPv6 Clients: NAT64 allows IPv6-only clients to interact with IPv4 servers without requiring any changes to the legacy IPv4 infrastructure.
  • Support for IPv6 Migration: NAT64 facilitates the gradual transition to an IPv6-only environment by ensuring that IPv6 clients can still access essential IPv4 services during the migration period.

Limitations:

  • Protocol-Specific Challenges: NAT64 does not fully support protocols that rely on embedding IP addresses within the payload, such as SIP or FTP. These protocols often require additional application-layer gateways (ALGs) or workarounds to function properly.
  • Limited Port and Protocol Support: Some applications rely on direct IP communication, specific port ranges, or use complex protocols like IPsec, which may not be compatible with NAT64 translation.

DNS64

DNS64 is a complementary service to NAT64, designed to synthesize IPv6 addresses (AAAA records) for IPv4-only resources. By generating synthetic AAAA records, DNS64 enables IPv6-only clients to resolve domain names to reach IPv4 servers via NAT64.

Working:

  1. IPv6 Client Query: When an IPv6 client queries a domain (e.g., example.com), the client requests an AAAA record (IPv6 address).
  2. Checking for AAAA Record: DNS64 first checks the DNS database for an existing AAAA record. If a valid IPv6 address exists for the domain, DNS64 simply returns this record.
  3. Synthesizing AAAA from A Record: If only an A record (IPv4 address) is available, DNS64 synthesizes a corresponding AAAA record. This synthesized IPv6 address uses a specific prefix, such as 64:ff9b::/96, which is reserved for NAT64 translation. The IPv6 address is created by combining the prefix with the IPv4 address. For example, if the IPv4 address is 192.0.2.1, DNS64 would generate an IPv6 address like 64:ff9b::192.0.2.1.
  4. Returning the Synthesized Address: The client receives the synthesized AAAA record, which points to the NAT64 gateway. When the client attempts to connect to the server, the request is routed through NAT64 for translation and processing.

Benefits:

  • Automatic IPv6 Address Generation: DNS64 automatically generates the necessary IPv6 addresses to access IPv4 services, simplifying the process for IPv6 clients and removing the need for dual-stack DNS configurations.
  • Reduced DNS Management Overhead: With DNS64, network administrators don’t need to maintain separate DNS entries for both IPv4 and IPv6 resources, significantly reducing administrative overhead.

Real-World Use Case:

Consider a scenario where a company’s web service (twitter.com) is IPv4-only, but users on an IPv6-only network need to access it. DNS64 will synthesize an IPv6 address based on the web server’s IPv4 address. The IPv6 client can then connect to the server via NAT64, allowing transparent access without requiring the web service to support IPv6 natively.

Note: In this transition, there are three important things to know for further understanding.

  • NAT64 Prefix: An IPv6 prefix (/32 to /96) that is combined with the converted IPv4 address to form the IPv6 address carried over an IPv6-only network. It can be either a network-specific prefix (NSP) or a well-known prefix (WKP), with 64:ff9b::/96 as the standard WKP.
  • DNS64 Server: Acts like a standard DNS server for IPv6 AAAA records but also synthesizes an IPv6 AAAA record from an IPv4 A record if none exists, using the NAT64 prefix to allow communication between IPv6-only clients and IPv4 servers.
  • NAT64 Router: Advertises the NAT64 prefix within the IPv6 network and performs the actual translation between IPv6 and IPv4 networks, enabling communication across protocols.

IP Synthesization

IP synthesization is a critical process that involves creating a synthetic IPv6 address from an existing IPv4 address. This is primarily handled by DNS64 in conjunction with NAT64.

How IP Synthesization Works:

  • When DNS64 synthesizes an AAAA record, it typically uses a predetermined algorithm to create an IPv6 address that corresponds to the IPv4 address.
  • This synthesized address is based on a specific prefix assigned to the NAT64 gateway, allowing IPv6 clients to communicate seamlessly with IPv4 servers.

Example of IP Synthesization:

  • If an IPv4 address 192.0.2.1 needs to be accessed by an IPv6 client, DNS64 may generate an IPv6 address like 64:ff9b::192.0.2.1. The prefix 64:ff9b::/96 is reserved for NAT64 translation.
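
The DNS64 decision (native AAAA first, otherwise synthesize) and the address synthesis described above, as an added example that is not part of the original post. It goes beyond the /96 case on the page to the other prefix lengths defined in RFC 6052; the function names and the NON_GLOBAL list are assumptions made for illustration.

```python
import ipaddress

WKP = "64:ff9b::/96"  # well-known prefix from the page
# Subset of non-global IPv4 space (constructed list): RFC 1918, loopback, link-local.
NON_GLOBAL = [ipaddress.IPv4Network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "169.254.0.0/16")]

def _positions(plen):
    """Byte offsets holding the IPv4 address; octet 8 (bits 64-71) is reserved."""
    if plen not in (32, 40, 48, 56, 64, 96):
        raise ValueError("RFC 6052 allows /32, /40, /48, /56, /64 or /96 only")
    return [i for i in range(plen // 8, 16) if i != 8][:4]

def embed(prefix, v4):
    """Build the IPv4-embedded IPv6 address for a NAT64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    raw = bytearray(net.network_address.packed)
    for pos, byte in zip(_positions(net.prefixlen), ipaddress.IPv4Address(v4).packed):
        raw[pos] = byte
    return ipaddress.IPv6Address(bytes(raw))

def extract(prefix, v6):
    """Recover the IPv4 destination from a synthesized address (e.g. from a flow log)."""
    net, addr = ipaddress.IPv6Network(prefix), ipaddress.IPv6Address(v6)
    if addr not in net:
        raise ValueError("address is not inside the NAT64 prefix")
    return ipaddress.IPv4Address(bytes(addr.packed[i] for i in _positions(net.prefixlen)))

def dns64_answer(aaaa, a, prefix=WKP):
    """DNS64 steps 2-3: a native AAAA wins; otherwise synthesize from each A record."""
    if aaaa:
        return list(aaaa)
    answers = []
    for v4 in a:
        if prefix == WKP and any(ipaddress.IPv4Address(v4) in n for n in NON_GLOBAL):
            continue  # RFC 6052 section 3.1: WKP must not represent non-global IPv4
        answers.append(str(embed(prefix, v4)))
    return answers
```

The address 64:ff9b::192.0.2.1 from the page is the same 128-bit value that Python prints as 64:ff9b::c000:201, and extract() is the inverse a defender needs when a log shows only the synthesized IPv6 destination.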

Importance of IP Synthesization:

  • Ensures that IPv6 clients can access the full range of IPv4 services without needing additional configuration or changes to the client or server.

Conclusion

As we conclude this series on IPv6, it’s clear that technologies like NAT64, DNS64, and IP synthesization are essential for bridging the gap between IPv4 and IPv6. These mechanisms not only facilitate communication between different protocols but also ease the transition to an IPv6-dominant future. Understanding these concepts will prepare organizations to embrace the new era of networking while maintaining compatibility with legacy systems.

Thank you for following along in this exploration of IPv6! Stay connected as the internet continues to evolve.
