F5 CGN Approach. Integrated large scale NAT and IPv6 interworking solution. Current Internet stays IPv4 but new networks are IPv6. Firewalls. DNS. IPv4 Internet/network. IPv6 handsets. DNS64. IPv6 GW. IPv6 devices. IPv6 Internet/network. IPv4 GW. IPv4 legacy devices.
Integrated large scale NAT and IPv6 interworking solution
Current Internet stays IPv4 but new networks are IPv6

[Diagram labels: Firewalls, DNS, IPv4 Internet/network, IPv6 handsets, DNS64, IPv6 GW, IPv6 devices, IPv6 Internet/network, IPv4 GW, IPv4 legacy devices, NAT64/NAT44]

Highly scalable NAT & IPv6 GW services at 1/3 the cost of traditional firewall solutions

Solution
• CoordiNATion of NAT64 and DNS64
• Intelligently offloads network firewall functions
• Reduce TCO for interworking
• Smooth migration to an IMS infrastructure
LTM Providing NAT64 & DNS64 Gateway Function

[Diagram labels: IPv6 Client, v6 VS, NAT64 Forwarding / mapping Virtual, DNS64, v4 DNS, v6 DNS, v4 Internet / Network, www.server.com (AAAA), www.server.com (A)]

1. Client sends DNS query www.server.com
2. LTM sends AAAA & A Queries to DNS
3a. If v6 DNS then AAAA record returned to client as usual
3b. If only v4 DNS A record returned, LTM adds 96 bit prefix to A record and returns AAAA to client
4. Client sends traffic to AAAA address
5. LTM transforms v6 address to v4 addresses for outgoing
6. LTM maps and transforms v4 addresses to v6 for return traffic
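The address handling in steps 3a to 6, as an added example that is not F5 or LTM code. It assumes the RFC 6052 well-known prefix 64:ff9b::/96 (a deployment may configure its own /96), and the function names and sample records are constructed for illustration.

```python
import ipaddress

# Assumption: RFC 6052 well-known prefix; a deployment may use its own /96.
NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def synthesize_aaaa(a_record, prefix=NAT64_PREFIX):
    """Step 3b: prepend the 96-bit prefix to an IPv4 A record."""
    if prefix.prefixlen != 96:
        raise ValueError("this example handles /96 prefixes only")
    v4 = ipaddress.IPv4Address(a_record)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def dns64_answer(aaaa_records, a_records, prefix=NAT64_PREFIX):
    """Steps 2-3: pass a native AAAA through, else synthesize from A."""
    if aaaa_records:  # 3a: a real IPv6 answer is returned unchanged
        return [ipaddress.IPv6Address(r) for r in aaaa_records]
    return [synthesize_aaaa(r, prefix) for r in a_records]  # 3b


def nat64_extract_v4(dst_v6, prefix=NAT64_PREFIX):
    """Step 5: recover the IPv4 destination from the low 32 bits."""
    addr = ipaddress.IPv6Address(dst_v6)
    # Only destinations inside the NAT64 prefix carry an embedded IPv4
    # address; anything else must not be translated.
    if addr not in prefix:
        raise ValueError(f"{addr} is outside NAT64 prefix {prefix}")
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def nat64_map_return(src_v4, prefix=NAT64_PREFIX):
    """Step 6: the IPv4 source of return traffic maps back to the same
    prefix-embedded IPv6 address the client originally connected to."""
    return synthesize_aaaa(src_v4, prefix)


if __name__ == "__main__":
    # Constructed sample records from documentation address ranges.
    print(dns64_answer([], ["192.0.2.33"]))               # v4-only name
    print(dns64_answer(["2001:db8::1"], ["192.0.2.33"]))  # dual-stack name
    print(nat64_extract_v4("64:ff9b::c000:221"))
    print(nat64_map_return("192.0.2.33"))
```

Because the mapping is stateless in both directions, the DNS64 and NAT64 functions must be configured with the same prefix; a mismatch sends clients to addresses the gateway will refuse to translate.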
Network Access services – IPv6
• NAT64
  • Session management
  • Applications open more concurrent TCP connections
  • Users need to be NATted behind the same IP
  • Only 64k ports per IP – millions of users need to be mapped behind a range of IPs
  • High speed logging (compliance)
• DNS64:
  • DNS request management
  • IPv6 client requests IPv4 only resource
  • DNS response management
  • IPv4 only resource is NAT’ed to IPv6 address and coordiNATed with DNS reply
• NAT46 and DNS46 are needed as well