F5 CGN Approach
CONFIDENTIAL
Current Internet stays IPv4 but new networks
are IPv6
Integrated large scale NAT and IPv6 interworking solution
Firewalls
DNS
IPv6
handsets
DNS64
IPv6
GW
IPv4
Internet/
network
IPv6
devices
IPv4
GW
IPv4
legacy
devices
NAT64/NAT44
Solution
Highly scalable NAT & IPv6 GW services at 1/3
the cost of traditional firewall solutions
• CoordiNATion of NAT64 and DNS64
• Intelligently offloads network firewall functions
• Reduce TCO for interworking
• Smooth migration to a IMS infrastructure
IPv6
Internet/
network
2
CONFIDENTIAL
LTM Providing NAT64 & DNS64 Gateway Function
NAT64
Forwarding / mapping Virtual
5. LTM transforms v6
address
to v4 addresses for
outgoing
6. LTM maps and
transforms
v4 addresses to v6 for
return traffic
1. Client sends DNS query www.server.com
IPv6
Client
v6
VS
4. Client sends traffic to AAAA address
2. LTM sends AAAA & A Queries
to DNS
www.server.com (AAAA)
www.server.com (A)
v4
DNS
v6
DNS
3a. If v6 DNS then AAAA
record returned to client as
usual
3b. If only v4 DNS A record
returned, LTM adds 96 bit prefix
to A record and returns AAAA to
client
DNS64
v4
Internet /
Network
3
CONFIDENTIAL
Network Access services – IPv6
• NAT64
– Session management
• Applications open more concurrent tcp connections
• Users needs to be NATted behind same ip
– Only 64k ports per IP – millions of users needs to be mapped
behind a range of IPs.
– High speed logging (compliance)
• DNS64:
– DNS request management
• IPv6 client requests IPv4 only resource
– DNS response management
• IPv4 only resource is NAT’ed to IPv6 address and coordiNATed wth DNS reply
• NAT46 and DNS46 is needed as well
4