What is NAT64?

Turkish: NAT64

NAT64 translates traffic so IPv6-only clients can reach IPv4 services, usually together with DNS64 in transition networks.

What is NAT64?

NAT64 is a transition mechanism that lets IPv6-only clients reach servers that still run on IPv4. It is commonly used in mobile operator networks, IPv6-only deployments, and environments where some external services remain IPv4-dependent.

NAT64 usually works with DNS64. DNS64 creates a synthetic AAAA record for a domain that only has an IPv4 address, and the NAT64 gateway translates the resulting IPv6 traffic into IPv4 traffic.

How NAT64 Works

When the client resolves a domain name, DNS64 embeds the IPv4 address inside a configured IPv6 prefix. The client connects to that IPv6 address. The NAT64 device recognizes the embedded IPv4 destination, translates the packet, and translates the response back to the IPv6 side.

  • Stateful NAT64: Keeps connection state in a table; common in carrier and enterprise networks.
  • Stateless NAT64: Uses deterministic address translation rules for more specialized designs.
  • DNS64: Makes domain-based access work smoothly with NAT64.

Use Cases and Limits

NAT64 helps teams move toward IPv6 without cutting off access to IPv4 services. Application teams can operate IPv6-only networks while still calling older external systems.

It is not transparent for every protocol. Protocols that embed IP addresses inside application payloads, security rules that expect fixed IPv4 addresses, or flows that require reverse inbound connections may fail. As with basic NAT, logging, monitoring, and troubleshooting need to be planned.