In Networking
In NetScaler 11.1
In Citrix ADC
In All products
Product Documentation
In Networking
In NetScaler 11.1
In Citrix ADC
In All products
NetScaler 13.0 NetScaler 12.1 NetScaler 12.0 NetScaler 11.1 NetScaler 10.5
View PDF

Stateless NAT46

January 16, 2019
Contributed by:  S

The stateless NAT46 feature enables communication between IPv4 and IPv6 networks through IPv4 to IPv6 packet translation, and vice versa, without maintaining any session information on the NetScaler appliance.

For a stateless NAT46 configuration, the appliance translates an IPv4 packet to IPv6 or an IPv6 packet to IPv4 as defined in RFCs 6145 and 2765.

A stateless NAT46 configuration on the NetScaler appliance has the following components:

  • IPv4-IPv6 INAT entry. An INAT entry defining a 1:1 relationship between an IPv4 address and an IPv6 address. In other words, an IPv4 address on the appliance listens to connection requests on behalf of an IPv6 server. An IPv4 request packet for this IPv4 address is translated into an IPv6 packet, and then the IPv6 packet is sent to the IPv6 server.

    The appliance translates an IPv6 response packet into an IPv4 response packet with its source IP address field set as the IPv4 address specified in the INAT entry. The translated packet is then sent to the client.

  • NAT46 IPv6 prefix. A global IPv6 prefix of length 96 bits (128-32=96) configured on the appliance. During IPv4 packet to IPv6 packet translation, the appliance sets the source IP address of the translated IPv6 packet to a concatenation of the NAT46 IPv6 prefix [96 bits] and the IPv4 source address [32 bits] that was received in the request packet.

    During IPv6 packet to IPv4 packet translation, the appliance sets the destination IP address of the translated IPv4 packet to the last 32 bits of the destination IP address of the IPv6 packet.

Consider an example in which an enterprise hosts site www.example.com on server S1, which has an IPv6 address. To enable communication between IPv4 clients and IPv6 server S1, NetScaler appliance NS1 is deployed with a stateless NAT46 configuration that includes an IPv4-IPv6 INAT entry for server S1, and a NAT46 Prefix. The INAT entry includes an IPv4 address at which the appliance listens to connection requests from IPv4 clients on behalf of the IPv6 server S1.

stateless nat46

The following table lists the settings used in this example:

Entities Name Value
IP address of the client Client_IPv4 (for reference purposes only) 192.0.2.60
IPv6 address of the server Sevr_IPv6 (for reference purposes only) 2001:DB8:5001::30
IPv4 address defined in the INAT entry for IPv6 server S1 Map-Sevr-IPv4 (for reference purposes only) 192.0.2.180
IPv6 prefix for NAT 46 translation NAT46_Prefix (for reference purposes only) 2001:DB8:90::

Following is the traffic flow in this example:

  1. IPv4 Client CL1 sends a request packet to the Map-Sevr-IPv4 (192.0.2.180) address on the NetScaler appliance.
  2. The appliance receives the request packet and searches the NAT46 INAT entries for the IPv6 address mapped to the Map-sevr-IPv4 (192.0.2.180) address. It finds the Sevr-IPv6 (2001:DB8:5001::30) address.
  3. The appliance creates a translated IPv6 request packet with:
    • Destination IP address field = Sevr-IPv6 = 2001:DB8:5001::30
    • Source IP address field = Concatenation of NAT Prefix (First 96 bits) and Client_IPv4 (last 32 bits) = 2001:DB8:90::192.0.2.60
  4. The appliance sends the translated IPv6 request to Sevr-IPv6.
  5. The IPv6 server S1 responds by sending an IPv6 packet to the NetScaler appliance with:
    • Destination IP address field = Concatenation of NAT Prefix (First 96 bits) and Client_IPv4 (last 32 bits)= 2001:DB8:90::192.0.2.60
    • Source IP address field = Sevr-IPv6 = 2001:DB8:5001::30
  6. The appliance receives the IPv6 response packet and verifies that its destination IP address matches the NAT46 prefix configured on the appliance. Because the destination address matches the NAT46 prefix, the appliance searches the NAT46 INAT entries for the IPv4 address associated with the Sevr-IPv6 address (2001:DB8:5001::30 ). It finds the Map-Sevr-IPv4 address (192.0.2.180).
  7. The appliance creates an IPv4 response packet with:
    • Destination IP address field = The NAT46 prefix stripped from the destination address of the IPv6 response = Client_IPv4 (192.0.2.60)
    • Source IP address field = Map-Sevr-IPv4 address (192.0.2.180)
  8. The appliance sends the translated IPv4 response to client CL1.

Limitations of Stateless NAT46

The following limitations apply to stateless NAT46:

  • Translation of IPv4 options is not supported.
  • Translation of IPv6 routing headers is not supported.
  • Translation of hop-by-hop extension headers of IPv6 packets is not supported.
  • Translation of ESP and EH headers of IPv4 packets is not supported.
  • Translation of multicast packets is not supported.
  • Translation of destination option headers and source routing headers is not supported.
  • Translation of fragmented IPv4 UDP packets that do not contain UDP checksum is not supported.

Configure Stateless NAT46

Creating the required entities for stateless NAT46 configuration on the NetScaler appliance involves the following procedures:

  1. Create an IPv4-IPv6 mapping INAT entry with stateless mode enabled.
  2. Create a NAT46 IPv6 prefix.

NetScaler command line procedures

To configure an INAT mapping entry by using the NetScaler command line:

At the command prompt, type:

  • add inat <name> <publicIPv4> <privateIPv6> -mode STATELESS
  • show inat <name>

To create an NAT46 prefix by using the NetScaler command line:

At the command prompt, type:

  • set inatparam -nat46v6Prefix <ipv6_addr *>
  • show inatparam

Example:

 > add inat exmpl-com-stls-nat46 192.0.2.180
2001:DB8:5001::30 -mode stateless
Done

> set inatparam -nat46v6Prefix 2001:DB8:90::/96
Done

NetScaler GUI procedures

To create an INAT mapping entry by using the NetScaler GUI:

  1. Navigate to System > Network > Routes > INAT.

  2. Add a new INAT entry, or edit an existing INAT entry.

  3. Set the following parameters:

    • Name*
    • Public IP Address*
    • Private IP Address* (Select the IPv6 check box and enter the address in IPv6 format.)
    • Mode (Select Stateless from the drop down list.)

    * A required parameter

To create a NAT46 prefix by using the NetScaler GUI:

Navigate to System > Network, in the Settings group, click Configure INAT Parameters, and set the Prefix parameter.

Setting Global Parameters for Stateless NAT46

The appliance provides some optional global parameters for stateless NAT46 configurations.

To set global parameters for stateless NAT46 by using the NetScaler command line:

At the command prompt, type:

  • set inatparam [-nat46IgnoreTOS ( YES NO )] [-nat46ZeroCheckSum ( ENABLED DISABLED )] [-nat46v6Mtu <positive_integer>] [-nat46FragHeader ( ENABLED DISABLED )]
  • show inatparam

Example:

> set inatparam -nat46IgnoreTOS YES -nat46ZeroCheckSum DISABLED -nat46v6Mtu 1400 -nat46FragHeader DISABLED
 Done

To set global parameters for stateless NAT46 by using the NetScaler GUI:

Navigate to System > Network, in the Settings group, click Configure INAT Parameters.

Stateless NAT46

January 16, 2019
Contributed by:  S

In this article

Edit this article