User sessions, which store the NAT mapping relationships of users, are critical to a NAT64 device when NAT64 is performed. User session resources therefore need to be protected against attacks to ensure resource efficiency.
On a NAT64 device, you can set the aging time of NAT64 user session entries for each application protocol, so that expired session entries are aged out and system resources are released.
If a user with an IPv6 address launches a DoS attack, such as a SYN Flood attack, the session table resources of the NAT64 device may be exhausted. Other users then cannot create session entries and fail to go online. Therefore, the number of TCP, UDP, ICMP, and total sessions established by each user needs to be collected and monitored. When the number of TCP, UDP, or ICMP sessions from a user reaches the preset threshold, the system suppresses new connections from that user.
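The per-user session limit and per-protocol aging described above, modelled in Python as an added example that is not part of the original document or any vendor's implementation. The class name, aging times, thresholds and addresses are assumed values chosen for illustration.

```python
# Assumed values for illustration only; they are not vendor defaults.
AGING = {"tcp": 600, "udp": 120, "icmp": 20}   # aging time per protocol, seconds
LIMIT = {"tcp": 3, "udp": 3, "icmp": 2}        # per-user session threshold

class Nat64SessionTable:
    """Hypothetical model of a NAT64 session table keyed by IPv6 user."""

    def __init__(self, aging=AGING, limit=LIMIT):
        self.aging, self.limit = aging, limit
        self.sessions = {}  # (user, proto, flow) -> time the entry was last used

    def age_out(self, now):
        """Delete entries idle for at least their protocol's aging time."""
        expired = [k for k, seen in self.sessions.items()
                   if now - seen >= self.aging[k[1]]]
        for key in expired:
            del self.sessions[key]
        return len(expired)

    def count(self, user, proto=None):
        """Sessions held by one user: one protocol, or the total if proto is None."""
        return sum(1 for (u, p, _) in self.sessions
                   if u == user and proto in (None, p))

    def open(self, user, proto, flow, now):
        """Create or refresh a session; False means the request was suppressed."""
        self.age_out(now)
        key = (user, proto, flow)
        if key not in self.sessions and self.count(user, proto) >= self.limit[proto]:
            return False  # user is at the threshold: no new connections
        self.sessions[key] = now
        return True

def simulate():
    """Constructed scenario: one user floods TCP, another connects normally."""
    table = Nat64SessionTable()
    flooder, other = "2001:db8::bad", "2001:db8::1"   # documentation prefixes
    accepted = sum(table.open(flooder, "tcp", ("192.0.2.10", port), now=0)
                   for port in range(10))             # 10 attempts at t=0
    other_ok = table.open(other, "tcp", ("192.0.2.10", 80), now=1)
    freed = table.age_out(now=600)                    # TCP aging time elapses
    return accepted, other_ok, freed, table.count(flooder)

if __name__ == "__main__":
    print(simulate())
```

Only the first three of the ten flood attempts create entries, the second user still gets a session, and aging later returns the flooder's entries to the pool.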