No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


NE40E V800R010C00 Feature Description - NAT and IPv6 Transition 01

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Basic NAT64 Concepts

Basic NAT64 Concepts

Basic NAT64 Elements

  • IPv6 prefix

    IPv6 service data packets arriving at a NAT64 device carry IPv6 addresses, regardless of whether the packets are destined for IPv4 or IPv6 networks. In this situation, the NAT64 device identifies destinations based on configured IPv6 prefixes in the packets.
    • If the IPv6 prefix carried in a packet is the same as that defined on the NAT64 device, the packet is destined for an IPv4 network. After the NAT64 device processes the packet, the packet is forwarded to the IPv4 network.
    • If the IPv6 prefix carried in a packet differs from that defined on the NAT64 device, the packet is destined for an IPv6 network. This packet is forwarded to the IPv6 network without being processed by NAT64.

    The NAT64 device advertises the route with the defined IPv6 prefix. IPv4 packets that IPv6 terminals send and are destined for IPv4 networks are directed to the NAT64 device over the advertised route.

  • NAT64 translation policy

    NAT64 uses ACLs to control the scope in which NAT64 address translation takes effect. Only data packets matching ACL rules can be processed by NAT64. Private network terminals whose packets matching addresses specified in an ACL can access IPv4 networks. A NAT64 translation policy can flexibly control terminals' access to the IPv4 networks.

    ACL rules are defined based on both IPv6 headers and upper layer protocol headers in IPv6 packets. A NAT64 device permits or denies IPv6 data packets matching the ACL rules. The NAT64 device can translate addresses only for the packets that match ACL rules before the packets reach a public IPv4 network, which improves network security.

    A translation association enables a NAT64 device to associate an address pool with an ACL so that only IPv4 packets matching ACL rules are processed using addresses in the address pool. Before forwarding data packets from a private network to a public network, a NAT64 device matches the packets with the ACL, searches for an IP address pool associated with the ACL, and translates the source private addresses in the matching packets to public addresses in the address pool.

    When packets are sent from a private network to a public network and allow for address translation, the translation association function enables a NAT64 device to replace a private IPv6 address and port number in each packet with a public IPv4 address and a port number, respectively, for each private network host. For data that are sent from a public IPv4 network to a private IPv4 network, the NAT64 device translates the public IPv4 network address and port number to the IPv6 address and port number, respectively, of each private network host.

NAT64 Translation Principles

NAT64 performs translation in either PAT or no-PAT mode:
  • PAT: A NAT64 device translates multiple IPv6 addresses and port numbers to an IPv4 address and a port number, respectively. The PAT mode enables multiple-to-one address mappings. Address mappings are distinguished based on port numbers. This mode is commonly used in NAT64 translation.
  • No-PAT mode: A NAT64 device translates IPv6 addresses to IPv4 addresses, without processing port numbers. The no-PAT mode enables one-to-one mappings.
Figure 6-1 shows the NAT64 PAT networking.
Figure 6-1  NAT64 PAT principles
  1. An IPv6-only PC sends an AAAA request to access a website at to a DNS IPv6 server.
  2. The IPv6 network does not have the AAAA address of the website at The DNS IPv6 server resolves the A address of the URL and obtains
  3. The DNS IPv6 server adds a specified IPv6 prefix of 64:FF9B before the IPv4 address carried in the A request to form an IPv6 address of 64:FF9B::0A0A:B as an AAAA resolution result. The server returns the IPv6 address to the PC.

    The NAT64 device cannot be connected to a DNS64 server with a non-0 suffix. Relevant standards recommended the suffix of 0 for a DNS IPv6 server.

  4. The PC sends packets with source address 2001:DB8::1 and source port number 1500 to a destination with destination address 64:FF9B::0A0A:B and destination port number 80.
  5. Packets are forwarded to the NAT64 device.

    The NAT64 device advertises a route destined for 64:FF9B/32 to direct traffic with the same destination to the NAT64 device.

  6. The NAT64 IPv6 packet removes the IPv6 prefix (64:FF9B) and translates the source IP address and source port to and 2000, respectively, in IPv4 packets and forwards them to the IPv4 network.
    When private network traffic is processed by NAT64 in the forward direction, the NAT64 device creates an entry in the NAT64 mapping table. The entry contains the following information:
    • Address mapping: A private IPv6 address of 2001:DB8::1 is mapped to a public IPv4 address of
    • Port mapping: A private port number of 1500 is mapped to a public port number of 2000.

    If public network traffic is sent to the private network, traffic hits the entry and NAT64 reversely translates IPv4 information to IPv6 information. Obtained IPv6 packets are sent to the IPv6 network.

Updated: 2018-07-04

Document ID: EDOC1100027155

Views: 22545

Downloads: 76

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next