DNS64 and NAT64 for 6to4 connectivity

This page describes how Google Cloud lets you access IPv4 destinations from IPv6-only instances using DNS64 and NAT64.

Google Cloud provides single-stack IPv6 support through IPv6-only subnets and instances. For more information about which services in Google Cloud support the IPv6-only stack type, see IPv6 Support in Google Cloud.

Your IPv6-only workloads might still require access to some IPv4 destinations. Google Cloud supports IPv6 to IPv4 connectivity through DNS64 and NAT64.

Creating IPv6-only subnets and instances and configuring DNS64 and NAT64 lets you connect your IPv6-only workloads in Google Cloud to external IPv4-only workloads on the internet.

You can configure DNS64 and NAT64 for your IPv6-only workloads if you need to do the following:

Adhere to mandates requiring a shift to IPv6 addresses without allocating IPv4 addresses.
Transition to IPv6-only address infrastructure in stages while maintaining access to existing IPv4 infrastructure.
Avoid disruptions to critical services by ensuring continued access to environments with IPv4 addresses during your transition to IPv6 addresses.

Limitations

DNS64 and NAT64 provide connectivity from IPv6-only instances to IPv4 destinations on the internet. They don't provide connectivity to IPv4 destinations in VPC networks or on-premises networks.

How it works

Accessing IPv4 destinations from IPv6-only instances requires that you configure both DNS64 and NAT64.

The following diagram shows the configuration that lets IPv6-only instances access IPv4 destinations on the internet. For more information about each service, see the following sections.

You can access IPv4 destinations on the internet from IPv6-only instances by using DNS64 and NAT64 (click to enlarge).

DNS64

DNS64 provides a synthesized IPv6 address for each IPv4 destination. Cloud DNS creates a synthesized address by combining the Well-Known Prefix (WKP) 64:ff9b::/96 with the 32 bits of the destination IPv4 address.

When an IPv6-only instance initiates a DNS request to resolve the name of an internet destination that has only an IPv4 address, Cloud DNS returns the synthesized IPv6 address.

For more information about how DNS64 works, see Cloud DNS overview.

NAT64

Public NAT supports network address translation (NAT) from IPv6 to IPv4, or NAT64.

When the request from an IPv6-only instance reaches the Cloud NAT gateway, the gateway does the following:

Replaces the source IPv6 address and port with one of the external IPv4 addresses and ports that are allocated to the gateway.
Translates the sythesized destination IPv6 address provided by Cloud DNS to the original IPv4 address.

For more information about how NAT64 works, see NAT64 in Public NAT.

What's next

To establish connectivity from IPv6-only instances to IPv4 destinations, see Configure IPv6-only subnets and instances with DNS64 and NAT64.