• Sales: 1-800-961-2888
  • Support: 1-800-961-4454

Using NAT64


IPv6 for an IPv4 address

As the Internet slowly moves from one address protocol to another (IPv4 to IPv6) there will be some overlap between legacy systems that only use IPv4 and newer systems that only use IPv6.

For Cloud Servers that do not have IPv6 addresses we've implemented a system called NAT64. NAT64 works behind the scenes, letting you create IPv6 addresses that point to your public IPv4 addresses.

This article discusses how to build an IPv6 address that uses NAT64 and add that address to your domain's DNS.

NAT64 prefixes

To create an IPv6 address from an IPv4 address you combine a NAT64 prefix with the existing IPv4 address.

The prefixes you can use are different depending on the datacenter housing your server. At this time we only support NAT64 in our DFW and ORD datacenters.

You can find your server's datacenter by checking its Server Details in the Cloud Control Panel.

DFW

The prefixes for DFW are:

2001:4800:624:C1::
2001:4800:624:C2::

You can use either prefix for your NAT64 address (or both, with multiple AAAA records - see below).

ORD

The prefixes for ORD are:

2001:4801:624:C1::
2001:4801:624:C2::

You can use either prefix for your NAT64 address (or both, with multiple AAAA records - see below).

Combining the address with the prefix

Once you have a prefix selected you can merge the new with the old. Take the prefix you've selected for the datacenter and add your IPv4 address to the end.

For example, the IPv4 address "111.222.34.56", if it were in a DFW datacenter, could have a NAT64 address that looks like this:

2001:4800:624:C1::111.222.34.56

It's okay to leave the IPv4 address as-is when adding it to the IPv6 prefix.

Set the AAAA record

To let other systems know an IPv6 address is available for your domain you can include it in the domain's DNS information.

Add the NAT64 address by putting it in an AAAA record for your domain. When a DNS lookup is performed your domain's AAAA record for IPv6 will be returned alongside the A record for IPv4.

For the sake of redundancy it's best to set up two AAAA records for the domain, one for each of the NAT64 prefixes for your server's datacenter. That way if one NAT64 address is unreachable a browser can use the other available address.

If you manage your DNS through Rackspace you can set the AAAA record in the Cloud Control Panel. For assistance see this article on the Control Panel's DNS functionality.

Mixed address

You might have noticed that the combined address contains both colons (the NAT64 prefix) and periods (the IPv4 address). The numbers between colons are in hexadecimal format and the numbers in the IPv4 address are decimal numbers.

Most systems handle the mix just fine. Some, like the Cloud Control Panel, will automatically convert the IPv4 part of a combined address into hexadecimal format for you.

If your DNS system has trouble using a mixed-format address in an AAAA record you'll have to convert the IPv4 part of the address to hexadecimal. If you don't want to do the math yourself (who does?) you can use an online converter like this one. Enter the IPv4 address into the field on that form, click the "IPv6" button, and the last two sets of numbers in the result will be your IPv4 address converted to hexadecimal format.

Testing connectivity

You can only test connectivity to an IPv6 address from a machine that has IPv6 access. To test the AAAA record you'll also want to be sure your test machine can do IPv6 DNS lookups.

When in doubt, use an online IPv6 ping tool.

Windows ping

On Windows you can ping an IPv6 address withping, forcing it to only use IPv6 (for testing) with the-6flag:

ping -6 example.com

Linux and Mac OS X ping6

On Linux and other Unix-based systems you can use theping6tool to check an IPv6 address:

ping6 example.com

Online tools

A web search can turn up some online tools that will ping IPv6 addresses, like this site. Plug your domain name into the tool and you'll get the results of an IPv6 ping.

Pros and cons

An advantage of NAT64 is that you can handle incoming IPv6 traffic without needing to change settings on your server or require IPv6 support in your software. You only need to add a record to your DNS configuration pointing to the translated IPv6 address (the AAAA record).

The downside of NAT64 is that the overhead of the traffic conversion adds some network latency.

NAT64 is a good transitional solution but you should plan to move to direct IPv6 support when IPv6 adoption becomes more widespread.

Further information

If you'd like more information on what IPv6 is and how to read an IPv6 address you can look through our IPv6 Primer.

You can allow a machine that doesn't have IPv6 connectivity to access IPv6 interfaces (to test a NAT64 address, for instance) via an IPv6 tunnel. You can set up a tunnel through a service like Hurricane Electric's Tunnelbroker.

Summary

That's all you should need to do to permit IPv6 access to your IPv4 address. Create a new IPv6 address by combining a NAT64 prefix with your IPv4 address, then add it to your domain's DNS information in an AAAA record.







© 2011-2013 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License


See license specifics and DISCLAIMER