NAT - Network Address Translation

Modern NAT Techniques

Types of Network Address Translation (NAT): NAT44, NAT64, and NAT66

NAT44 (IPv4)

Smart and Scalable Connectivity

Flexible address translation – Hide entire private networks behind one or multiple public IPs with SNAT, including dynamic "masquerade" configurations.
Built-in load balancing – Distribute sessions across multiple public IPs with customizable hash rules (by source, destination, ports, or random) for optimal efficiency and resilience.
Operational reliability – Granular control of "leaky" traffic marked as invalid without shutting down flows, ideal for troubleshooting and advanced security.

NAT64 (IPv6 ↔ IPv4)

Bridging Protocol Worlds

Seamless IPv6–IPv4 communication – NAT64 enables IPv6 clients to access IPv4 servers transparently, supported by DNS64 for smooth integration.
Straightforward configuration – Define translation prefixes, address pools, and traffic handling (UDP/TCP/ICMP) with high availability and compatibility, perfect for IPv6 adoption.

NAT66 (IPv6 → IPv6)

Efficient IPv6 Prefix Translation

Full IPv6 prefix translation – SNAT66 and DNAT66 allow mapping between internal and global IPv6 prefixes, supporting multi-homed and redundant enterprise designs.
High availability and multi-homing – Shared NAT66 configurations across clusters enable resilient, balanced setups for mission-critical environments.
Granular traffic control – Policy-based rules for source and destination prefixes deliver precise mapping per interface or application.

Why Deploy NAT with VyOS in Your Enterprise Network?

Enable seamless connectivity and security across your enterprise with VyOS NAT

Complete Versatility

Full support for NAT44, NAT64, and NAT66 in a single platform, covering IPv4, IPv6, and hybrid environments.

Operational Simplicity

One powerful CLI to configure translation, load balancing, redundancy, and policy-driven rules.

Scalable and Efficient

Handles large traffic volumes with dynamic pools and built-in load balancing, ideal for growing enterprises.

Always Available

HA features like NAT44 load-balancing and NAT66 redundancy keep services running during failures or traffic surges.

Future-Ready

Simplifies IPv6 transition, hybrid cloud adoption, and secure connectivity, without costly proprietary solutions.

NAT for Enterprises: Secure, Simplified, and Scalable Connectivity

Download Solution Brief

Key Features

Traffic Balancing

Splitting and balancing traffic between multiple links optimize not only packet flow, latency and connectivity, but also gives you a fine control over your data flow into external connections. With BGP inside VyOS you can control connectivity to external networks by managing your network visibility, filtering announcements and marking routes with dedicated groups for easier management.

Portability

If you need an additional router, you can deploy one on almost any device with 64-bit x86 CPU, without having to obtain specific hardware. The productivity and performance of current microprocessors are growing rapidly, leading to constant appearance of new and more powerful devices at lower costs. Thus, such devices become increasingly more available, allowing you to speed up your router with small investments without having to alter the software.

Dynamic Internal Routing

Border gateway needs not only the ability to peer with autonomous external systems but also effectively route traffic between internal routers. VyOS supports OSPFv2/v, IS-IS as well as MPLS, LDP and segment routing to keep routing ans transport for both IPv4 and IPv6 resources under control.

Reliable Connectivity

ISPs are transit points for many users’ traffic and keeping them online at all times is an absolute top-priority task. Usually, this is done by providing multiple paths to the same resources on the internet that VyOS accomplishes by means of dynamic BGP routing or static load-balancing with automated failover.

High Availability

Even the most durable routing solutions can’t ensure 100% uptime. To avoid troubles with a single point of failure, VyOS provides the ability to build multi-routers topologies with VRRP. You can always be prepared to face an unexpected problem and conduct maintenance in peace.

Supported Protocols

Comprehensive Support for Industry-Standard Routing Protocols

Interior Gateway Protocols

OSPFv2 / OSPFv3
IS-IS
RIP / RIPng

Exterior Gateway Protocol

BGP (iBGP and eBGP)
Core protocol for internet and inter-AS routing
Full IPv4 and IPv6 support
Support for BGP communities, route reflectors, confederations
Graceful Restart and BGP Add-Path
RPKI and BGP Flowspec

Tunneling and MPLS

MPLS / RSVP-TE / LDP / SR-MPLS / SRv6
GRE / IPsec / VXLAN (For overlay connectivity or secure tunnels)

Routing Policies & Filtering

Prefix-lists, route-maps, communities, extended communities, AS-path filters, etc.

Monitoring and Management

NetFlow / sFlow / IPFIX
SNMP
Syslog, BGP monitoring protocols (BMP)

Security Protocols

RPKI (Resource Public Key Infrastructure)
BGP MD5, TTL Security
ACLs

Why VyOS?

Our key benefits:

Routing Management

Support for dynamic routing protocols to discover the network, maintain routing tables and calculate the best path for the traffic. Having low levels of routing overhead, using administrator-specified paths and preventing network information leakage are the jobs of static routing.

Advanced Configurations

Automation with scripting for advanced configurations allows you to actively react to events happening in your network and control your router via external automation tools.

List of Hardware Vendors

Compatibility with a long list of hardware vendors helps our customers migrate from proprietary hardware or upgrade to higher-performance software, enabling a successful transition to white box networking.