Which three statements regarding NAT64 operations are correct? (Choose three.)
A . With stateful NAT64, many IPv6 address can be translated into one IPv4 address, thus IPv4 address conservation is achieved
B . Stateful NAT64 requires the use of static translation slots so IPv6 hosts and initiate connections to IPv4 hosts.
C . With stateless NAT64, the source and destination IPv4 addresses are embedded in the IPv6 addresses
D . NAT64 works in conjunction with DNS64
E . Both the stateful and stateless NAT64 methods will conserve IPv4 address usage
Answer: A,C,D
Explanation:
Stateful NAT64-Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers Stateful NAT64 multiplexes many IPv6 devices into a single IPv4 address. It can be assumed that thistechnology will be used mainly where IPv6-only networks and clients (ie. Mobile handsets, IPv6 only wireless,etc…) need access to the IPv4 internet and its services.
The big difference with stateful NAT64 is the elimination of the algorithmic binding between the
IPv6 addressand the IPv4 address. In exchange, state is created in the NAT64 device for every flow. Additionally, NAT64only supports IPv6-initiated flows. Unlike stateless NAT64, stateful NAT64 does `not’ consume a single IPv4address for each IPv6 device that wants to communicate to the IPv4 Internet. More practically this means thatmany IPv6-only users consume only single IPv4 address in similar manner as IPv4-to-IPv4 network addressand port translation works. This works very well if the connectivity request is initiated from the IPv6 towards theIPv4 Internet. If an IPv4-only device wants to speak to an IPv6-only server for example, manual configuration of the translation slot will be required, making this mechanism less attractive to provide IPv6 services towards theIPv4 Internet. DNS64 is usually also necessary with a stateful NAT64, and works the same with both statelessand stateful NAT64
Stateless NAT64-Stateless translation between IPv4 and IPv6RFC6145 (IP/ICMP Translation Algorithm) replaces RFC2765 (Stateless IP/ICMP Translation Algorithm (SIIT))and provides a stateless mechanism to translate a IPv4 header into an IPv6 header and vice versa. Due to thestateless character this mechanism is very effective and highly fail safe because more as a single-or multipletranslators in parallel can be deployed and work all in parallel without a need to synchronize between thetranslation devices.
The key to the stateless translation is in the fact that the IPv4 address is directly embedded in the IPv6address. A limitation of stateless NAT64 translation is that it directly translates only the IPv4 options that havedirect IPv6 counterparts, and that it does not translate any IPv6 extension headers beyond the fragmentationextension header; however, these limitations are not significant in practice.
With a stateless NAT64, a specific IPv6 address range will represent IPv4 systems within the IPv6 world. Thisrange needs to be manually configured on the translation device. Within the IPv4 world all the IPv6 systemshave directly correlated IPv4 addresses that can be algorithmically mapped to a subset of the serviceprovider’s IPv4 addresses. By means of this direct mapping algorithm there is no need to keep state for anytranslation slot between IPv4 and IPv6. This mapping algorithm requires the IPv6 hosts be assigned specificIPv6 addresses, using manual configuration or DHCPv6.
Stateless NAT64 will work very successful as proven in some of the largest networks, however it suffers fromsome an important side-effect: Stateless NAT64 translation will give an IPv6-only host access to the IPv4 worldand vice versa, however it consumes an IPv4 address for each IPv6-only device that desires translation –exactly the same as a dual-stack deployment. Consequentially, stateless NAT64 is no solution to address theongoing IPv4 address depletion.Stateless NAT64 is
a good tool to provide Internet servers with an accessibleIP address for both IPv4 and IPv6 on the global Internet. To aggregate many IPv6 users into a single IPv4address, stateful NAT64 is required. NAT64 are usually deployed in conjunction with a DNS64. This functionssimilar to, but different than, DNS-ALG that was part of NAT-PT. DNS64 is not an ALG; instead, packets aresent directly to and received from the DNS64’s IP address. DNS64 can also work with DNSSEC (whereasDNS-ALG could not).