IPv6 NAT64 Network Question

Hi,

We are now having a packet traffic problem with our IPv4 VPN tunnel with the IPv6-only LTE provider.

We found that iOS consulted NAT64 to translate the IPv4 address to an IPv6 address before sending the traffic to the tunnel, so the traffic will not go through the IPv4 VPN tunnel.

We wonder if NAT64 translation is done before or after iOS decides which network interface to use.

Thank you,

Ken

We wonder if NAT64 translation is done before or after iOS decides which network interface to use.

There is no “NAT64 translation” being done on the device. Rather, an app running on the device resolves a DNS name to a set of IPv4 and IPv6 addresses, and it just happens to be that, in a NAT64 environment, this set only contains IPv6 addresses. When you think about it this way, it makes sense that a tunnel that only supports IPv4 addresses won’t ‘see’ these connections.

For more background on this, see Supporting IPv6 DNS64/NAT64 Networks.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Accepted Answer

Hi @"The Eskimo",

Thank you for your reply.

To clarify our issue in the NAT64 LTE environment:

  1. After we connected to the IPv4 VPN connection, we are able to ping the domain host "domain.com", so we think the DNS works okay.

  2. However, we are not able to ping its IP address: "192.168.1.134", and it translates the IPv4 IP address to an IPv6 IP address. (attached in the reply)

The iOS device under the WiFi environment can ping both of them okay.

We are not sure why it translates the IPv4 IP address to an IPv6, so we guess the NAT64 does it before sending the traffic to the tunnel.

Our thought is like the flow chart we made, and we want to confirm our thought is correct.

Thanks,

Ken

ping is a terrible test for NAT64 because IPv4 and IPv6 ping work completely differently. I recommend that you retest with a vanilla TCP connection.

We are not sure why it translates the IPv4 IP address to an IPv6, so we guess the NAT64 does it before sending the traffic to the tunnel.

That’s kinda how DNS64/NAT64 work. Note that the bottom 4 bytes of the IPv6 address, c0a8:186, are the hex representation of the IPv4 address 192.168.1.134.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
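
An added example, not part of the thread or of Apple's documentation: recovering the IPv4 address embedded in a DNS64/NAT64-synthesized IPv6 address and checking whether that destination belongs to a range an IPv4-only tunnel was meant to carry. The carrier's NAT64 prefix is not shown on the page, so the RFC 6052 well-known prefix `64:ff9b::/96` is assumed; the function names and the route list are hypothetical, and the decoder goes beyond the "bottom 4 bytes" case by also handling the shorter RFC 6052 prefix lengths.

```python
import ipaddress

# Assumption: RFC 6052 well-known NAT64 prefix; a carrier may use its own prefix.
WELL_KNOWN_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def synthesize(v4, prefix=WELL_KNOWN_PREFIX):
    """Build the IPv6 address DNS64 would hand out for an IPv4 address (/96 only)."""
    if prefix.prefixlen != 96:
        raise ValueError("this example synthesizes /96 prefixes only")
    v4_int = int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Address(int(prefix.network_address) | v4_int)


def embedded_ipv4(v6, prefix=WELL_KNOWN_PREFIX):
    """Return the IPv4 address embedded in v6, or None if v6 is outside prefix."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in prefix:
        return None
    raw = addr.packed
    if prefix.prefixlen == 96:
        return ipaddress.IPv4Address(raw[12:])  # the "bottom 4 bytes"
    if prefix.prefixlen not in (32, 40, 48, 56, 64):
        raise ValueError("not an RFC 6052 prefix length")
    # Shorter prefixes skip byte 8 (the reserved "u" octet) when embedding.
    squeezed = raw[:8] + raw[9:]
    start = prefix.prefixlen // 8
    return ipaddress.IPv4Address(squeezed[start:start + 4])


def bypasses_ipv4_tunnel(v6_dest, tunnel_routes, prefix=WELL_KNOWN_PREFIX):
    """True when an IPv6 destination maps to a host inside the IPv4 tunnel routes."""
    v4 = embedded_ipv4(v6_dest, prefix)
    if v4 is None:
        return False
    return any(v4 in ipaddress.IPv4Network(route) for route in tunnel_routes)


if __name__ == "__main__":
    routes = ["192.168.1.0/24"]           # constructed IPv4 tunnel routes
    dest = synthesize("192.168.1.134")    # IPv4 address quoted in the thread
    print(dest, embedded_ipv4(dest), bypasses_ipv4_tunnel(dest, routes))
```

A `True` result flags a connection that is addressed over IPv6 and so is never matched by IPv4-only tunnel routes, even though the host it reaches is one the tunnel was configured for.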
