NAT64 is a mechanism for translating IPv6 packets to IPv4 packets, and vice versa. It allows IPv6-only clients to contact IPv4 servers using unicast UDP or TCP. Only the IPv6-only client can initiate communication to the IPv4-only server. NAT64 is stateful: binding and session information is saved to perform the IPv6-to-IPv4 translation.
The following diagram shows details of NAT64 translation.
- NAT64 is only supported for external IPv6 traffic coming in through the NSX-T edge uplink to the IPv4 server in the overlay.
- NAT64 supports TCP and UDP. Packets of all other protocol types are discarded. NAT64 does not support ICMP, fragmentation, or IPv6 packets that have extension headers.
- When a NAT64 rule and an NSX-T load balancer (that is, not the NSX-T Advanced Load Balancer) are configured on the same Edge node, using the NAT64 rule to direct IPv6 packets to the IPv4 load balancer is not supported.
- From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
- Select .
- Select a gateway from the Gateway dropdown list.
- Next to View, select NAT64.
- Click Add NAT 64 Rule.
- Enter a Name.
- Enter a Source.
Specify an IPv6 address, or an IPv6 address range in CIDR format. For example, 2001:DB7:1::1 or 2001:DB7:1::/64.
If this text box is left blank, the NAT rule applies to all sources outside of the local subnet.
- Enter a Destination.
Specify an IPv6 address, or an IPv6 address range in CIDR format with subnet size 96. For example, 64:ff9b::0B01:0101 or 2001:DB8::/96.
- Enter a value for Translated IP.
Specify an IPv4 address, an IPv4 address range, or a comma-separated list of IPv4 addresses. For example, 10.1.1.1, 10.1.1.1-10.1.1.2, or 10.1.1.1,10.1.1.2.
- Toggle Enable to enable the rule.
- (Optional) In the Service column, click Set to select services.
- (Optional) Enter a value for Translated Port.
- (Optional) For Apply To, click Set and select objects that this rule applies to.
The only option available is Interfaces.
- (Optional) Toggle the logging button to enable logging.
- (Optional) Specify a priority value.
A lower value means a higher priority. The default is 0.
- The Firewall setting is set to Bypass and cannot be changed.
- Click Save.
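
The following pre-check of the Source, Destination, and Translated IP values against the formats described in the steps above is an added example, not VMware code. The function names are hypothetical, and `embedded_ipv4` assumes the destination carries the IPv4 address in its low 32 bits (the RFC 6052 /96 layout), which the procedure itself does not state.

```python
import ipaddress

def parse_translated(value):
    """Parse Translated IP: one IPv4 address, an a-b range, or a comma list."""
    ranges = []
    for part in value.split(","):
        first, sep, last = part.strip().partition("-")
        lo = ipaddress.IPv4Address(first.strip())
        hi = ipaddress.IPv4Address((last if sep else first).strip())
        if lo > hi:
            raise ValueError(f"range start is after range end: {part.strip()}")
        ranges.append((str(lo), str(hi)))
    return ranges

def embedded_ipv4(destination):
    """IPv4 address in the low 32 bits of a single IPv6 destination (assumed layout)."""
    return str(ipaddress.IPv4Address(int(ipaddress.IPv6Address(destination)) & 0xFFFFFFFF))

def check_rule(source, destination, translated):
    """Return a list of findings for one NAT64 rule; an empty list means no issues."""
    findings = []
    if not source.strip():
        # A blank Source is accepted, but it widens the rule to every outside source.
        findings.append("source: blank, rule applies to all sources outside the local subnet")
    else:
        try:
            ipaddress.IPv6Network(source.strip(), strict=False)
        except ValueError as exc:
            findings.append(f"source: {exc}")
    try:
        net = ipaddress.IPv6Network(destination.strip(), strict=False)
        # A CIDR destination must use subnet size 96; a bare address is also allowed.
        if "/" in destination and net.prefixlen != 96:
            findings.append(f"destination: prefix length {net.prefixlen}, expected 96")
    except ValueError as exc:
        findings.append(f"destination: {exc}")
    try:
        parse_translated(translated)
    except ValueError as exc:
        findings.append(f"translated: {exc}")
    return findings

if __name__ == "__main__":
    # Values taken from the examples in the procedure.
    print(check_rule("2001:DB7:1::/64", "64:ff9b::0B01:0101", "10.1.1.1-10.1.1.2"))
    print(embedded_ipv4("64:ff9b::0B01:0101"))
```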