Forum Discussion
Help configuring NAT64 on a BIG-IP LTM
I have been trying to implement NAT64 in our network in order for IPv6 only clients can reach our IPv4 only servers. Ive create an IPv6 VIP and enabled the nat6to4 option and port and address translation are enabled.
VIP: ipv6
Pool: IPv4
Snat: Auto map
when i do #show sys connection cs-server-address 2a:66:x.x.x.xx
client IPaddress VIP ip address floating ip address node
2a:45:33.xxx 2a:66:x.x.x.xx any6 any6
I able to see the client IPv6 address reaching to the VIP. But the F5 is not loadbalancing to the backend server
How can i make this to work
Any help would be greatly appreciated.
Hi @mj16othman,
Look Bigip LTM supports Dual stack without issues.
First you need to have a self-ip in IPv6 Scheme in the external VLAN also a self IP in IPv4 in server side for IPv4 pool members.
This is my comment here, I tested it before and it worked:
This a PCAP I took it in my lab :Please have a look in this article : The BIG-IP system automatically translates addresses between IPv4 and IPv6 when loadbalancing to pool members (f5.com)
- mj16othmanAltostratus
HI brother im able to see the connection in the connection table once i changed the type of the VIP from {standard} to { performance layer 4}.
But unfortunately another issue appeared where the website is not loading. But im able to see the connection table
client IPaddress VIP ip address floating ip address node
2a:45:33.xxx 2a:66:x.x.x.xx 172.16.1.1 172.16.2.3
I thought the issue might be related to SSL certificate. If there a way i can assign ssl on the performance layer 4 VIP. i didnt find an option for assigning ssl certificate to it.
Hey,
Performance l4 VS like the router , it just routs traffic from outside to inside,
you can't assign a ssl profile in performance L4 because you haven't any L7 visibility to parse the http Traffic.have you added a IPv6 selfip address in the external VLAN ?
Take a packet capture and show it to me and revert back to standard virtual server.Review the Routing on F5 Bigip specially the back route for IPv6 Clients or enable "auto-last hop" feature in the virtual server.
seems you have a missing route in F5 Bigip so auto last hop can help in this.
Try it and let me know
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com