Forum Discussion

mj16othman
Sep 10, 2024

Help configuring NAT64 on a BIG-IP LTM

I have been trying to implement NAT64 in our network so that IPv6-only clients can reach our IPv4-only servers. I've created an IPv6 VIP and enabled the nat6to4 option, and port and address translation are enabled.

 

VIP: ipv6

Pool: IPv4

Snat: Auto map

 

When I do # show sys connection cs-server-address 2a:66:x.x.x.xx

 

client IP address    VIP IP address    floating IP address    node
2a:45:33.xxx         2a:66:x.x.x.xx    any6                   any6

 

 

I am able to see the client IPv6 address reaching the VIP, but the F5 is not load balancing to the backend server.

How can I make this work?

 

Any help would be greatly appreciated.

  • Hi @mj16othman

    Look, BIG-IP LTM supports dual stack without issues.

    First you need to have a self IP in the IPv6 scheme in the external VLAN, and also a self IP in IPv4 on the server side for the IPv4 pool members.
    This is my comment here, I tested it before and it worked:
    This is a PCAP I took in my lab:

     

    Please have a look at this article: The BIG-IP system automatically translates addresses between IPv4 and IPv6 when load balancing to pool members (f5.com)

     

  • Hi brother, I'm able to see the connection in the connection table once I changed the type of the VIP from {standard} to {performance layer 4}.

     

     

    But unfortunately another issue appeared where the website is not loading. But I'm able to see the connection in the connection table:

     

    client IP address    VIP IP address    floating IP address    node
    2a:45:33.xxx         2a:66:x.x.x.xx    172.16.1.1             172.16.2.3

     

     

    I thought the issue might be related to the SSL certificate. Is there a way I can assign SSL on the performance layer 4 VIP? I didn't find an option for assigning an SSL certificate to it.

    • Hey, 

      A Performance L4 VS is like a router: it just routes traffic from outside to inside.
      You can't assign an SSL profile on Performance L4 because you don't have any L7 visibility to parse the HTTP traffic.

       

      Have you added an IPv6 self IP address in the external VLAN?
      Take a packet capture and show it to me, and revert back to the standard virtual server.

      Review the routing on the F5 BIG-IP, especially the back route for IPv6 clients, or enable the "auto-last hop" feature in the virtual server.

      It seems you have a missing route on the F5 BIG-IP, so auto last hop can help with this.

      Try it and let me know.