NetScaler

Stateless NAT46

September 21, 2020

Contributed by:

The stateless NAT46 feature enables communication between IPv4 and IPv6 networks through IPv4 to IPv6 packet translation, and vice versa, without maintaining any session information on the NetScaler appliance.

For a stateless NAT46 configuration, the appliance translates an IPv4 packet to IPv6 or an IPv6 packet to IPv4 as defined in RFCs 6145 and 2765.

A stateless NAT46 configuration on the NetScaler appliance has the following components:

IPv4-IPv6 INAT entry. An INAT entry defining a 1:1 relationship between an IPv4 address and an IPv6 address. In other words, an IPv4 address on the appliance listens to connection requests on behalf of an IPv6 server. An IPv4 request packet for this IPv4 address is translated into an IPv6 packet, and then the IPv6 packet is sent to the IPv6 server.

The appliance translates an IPv6 response packet into an IPv4 response packet with its source IP address field set as the IPv4 address specified in the INAT entry. The translated packet is then sent to the client.
NAT46 IPv6 prefix. A global IPv6 prefix of length 96 bits (128-32=96) configured on the appliance. During IPv4 packet to IPv6 packet translation, the appliance sets the source IP address of the translated IPv6 packet to a concatenation of the NAT46 IPv6 prefix [96 bits] and the IPv4 source address [32 bits] that was received in the request packet.

During IPv6 packet to IPv4 packet translation, the appliance sets the destination IP address of the translated IPv4 packet to the last 32 bits of the destination IP address of the IPv6 packet.

Consider an example in which an enterprise hosts site www.example.com on server S1, which has an IPv6 address. To enable communication between IPv4 clients and IPv6 server S1, NetScaler appliance NS1 is deployed with a stateless NAT46 configuration that includes an IPv4-IPv6 INAT entry for server S1, and a NAT46 Prefix. The INAT entry includes an IPv4 address at which the appliance listens to connection requests from IPv4 clients on behalf of the IPv6 server S1.

stateless nat46

The following table lists the settings used in this example:

Entities	Name	Value
IP address of the client	Client_IPv4 (for reference purposes only)	192.0.2.60
IPv6 address of the server	Sevr_IPv6 (for reference purposes only)	2001:DB8:5001::30
IPv4 address defined in the INAT entry for IPv6 server S1	Map-Sevr-IPv4 (for reference purposes only)	192.0.2.180
IPv6 prefix for NAT 46 translation	NAT46_Prefix (for reference purposes only)	2001:DB8:90::

Following is the traffic flow in this example:

IPv4 Client CL1 sends a request packet to the Map-Sevr-IPv4 (192.0.2.180) address on the NetScaler appliance.
The appliance receives the request packet and searches the NAT46 INAT entries for the IPv6 address mapped to the Map-sevr-IPv4 (192.0.2.180) address. It finds the Sevr-IPv6 (2001:DB8:5001::30) address.
The appliance creates a translated IPv6 request packet with:
- Destination IP address field = Sevr-IPv6 = 2001:DB8:5001::30
- Source IP address field = Concatenation of NAT Prefix (First 96 bits) and Client_IPv4 (last 32 bits) = 2001:DB8:90::192.0.2.60
The appliance sends the translated IPv6 request to Sevr-IPv6.
The IPv6 server S1 responds by sending an IPv6 packet to the NetScaler appliance with:
- Destination IP address field = Concatenation of NAT Prefix (First 96 bits) and Client_IPv4 (last 32 bits)= 2001:DB8:90::192.0.2.60
- Source IP address field = Sevr-IPv6 = 2001:DB8:5001::30
The appliance receives the IPv6 response packet and verifies that its destination IP address matches the NAT46 prefix configured on the appliance. Because the destination address matches the NAT46 prefix, the appliance searches the NAT46 INAT entries for the IPv4 address associated with the Sevr-IPv6 address (2001:DB8:5001::30 ). It finds the Map-Sevr-IPv4 address (192.0.2.180).
The appliance creates an IPv4 response packet with:
- Destination IP address field = The NAT46 prefix stripped from the destination address of the IPv6 response = Client_IPv4 (192.0.2.60)
- Source IP address field = Map-Sevr-IPv4 address (192.0.2.180)
The appliance sends the translated IPv4 response to client CL1.

Limitations of Stateless NAT46

The following limitations apply to stateless NAT46:

Translation of IPv4 options is not supported.
Translation of IPv6 routing headers is not supported.
Translation of hop-by-hop extension headers of IPv6 packets is not supported.
Translation of ESP and EH headers of IPv4 packets is not supported.
Translation of multicast packets is not supported.
Translation of destination option headers and source routing headers is not supported.
Translation of fragmented IPv4 UDP packets that do not contain UDP checksum is not supported.

Configure Stateless NAT46

Creating the required entities for stateless NAT46 configuration on the NetScaler appliance involves the following procedures:

Create an IPv4-IPv6 mapping INAT entry with stateless mode enabled.
Create a NAT46 IPv6 prefix.

NetScaler command line procedures

To configure an INAT mapping entry by using the NetScaler command line:

At the command prompt, type:

add inat <name> <publicIPv4> <privateIPv6> -mode STATELESS
show inat <name>

To create an NAT46 prefix by using the NetScaler command line:

At the command prompt, type:

set inatparam -nat46v6Prefix <ipv6_addr *>
show inatparam

Example:

 > add inat exmpl-com-stls-nat46 192.0.2.180
2001:DB8:5001::30 -mode stateless
Done

> set inatparam -nat46v6Prefix 2001:DB8:90::/96
Done
<!--NeedCopy-->

NetScaler GUI procedures

To create an INAT mapping entry by using the NetScaler GUI:

Navigate to System > Network > Routes > INAT.
Add a new INAT entry, or edit an existing INAT entry.
Set the following parameters:
- Name*
- Public IP Address*
- Private IP Address* (Select the IPv6 check box and enter the address in IPv6 format.)
- Mode (Select Stateless from the drop down list.)
* A required parameter

To create a NAT46 prefix by using the NetScaler GUI:

Navigate to System > Network, in the Settings group, click Configure INAT Parameters, and set the Prefix parameter.

Setting Global Parameters for Stateless NAT46

The appliance provides some optional global parameters for stateless NAT46 configurations.

To set global parameters for stateless NAT46 by using the NetScaler command line:

At the command prompt, type:

set inatparam [-nat46IgnoreTOS ( YES

NO )] [-nat46ZeroCheckSum ( ENABLED

DISABLED )] [-nat46v6Mtu <positive_integer>] [-nat46FragHeader ( ENABLED

DISABLED )]

show inatparam

Example:

> set inatparam -nat46IgnoreTOS YES -nat46ZeroCheckSum DISABLED -nat46v6Mtu 1400 -nat46FragHeader DISABLED
 Done
<!--NeedCopy-->

To set global parameters for stateless NAT46 by using the NetScaler GUI:

Navigate to System > Network, in the Settings group, click Configure INAT Parameters.

The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.

Stateless NAT46

September 21, 2020

Contributed by:

September 21, 2020

Contributed by:

Stateless NAT46

Limitations of Stateless NAT46

Configure Stateless NAT46

NetScaler command line procedures

NetScaler GUI procedures

Setting Global Parameters for Stateless NAT46

In this article