[c-nsp] v6 NAT-PT Support

Harold Ritter hritter at cisco.com
Sat Dec 11 13:50:18 EST 2010


Mack,

NAT-PT does not necessarily need a DNS64 as it does have a DNS ALG component. It can work in conjunction with a DNS64 though.


Here is some information from the documentation manual:

IPv4-Mapped Operation

Customers can also send traffic from their IPv6 network to an IPv4 network without configuring IPv6 destination address mapping. A packet arriving at an interface is checked to discover if it has a NAT-PT prefix that was configured with the ipv6 nat prefix v4-mapped command. If the prefix matches, then an access-list check is performed to discover if the source address matches the access list or prefix list. If the prefix does not match, the packet is dropped.

If the prefix matches, source address translation is performed. If a rule has been configured for the source address translation, the last 32 bits of the destination IPv6 address is used as the IPv4 destination and a flow entry is created.

With an IPv4-mapping configuration on the router, when the DNS ALG IPv4 address is converted to an IPv6 address, the IPv6 address is processed and the DNS packets from IPv4 network get their ALGs translated into the IPv6 network.



Here's the URL to the NAT-PT documentation:

http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-nat_trnsln_ps6350_TSD_Products_Configuration_Guide_Chapter.html


Regards

On 2010-12-10 at 16:59, Mack McBride wrote:

> You need DNS64 as well as NAT64.
> NAT-PT is just NAT64 without additional support for FTP and SIP and such.
> 
> Mack McBride
> Network Architect
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Aftab Siddiqui
> Sent: Friday, December 10, 2010 7:06 AM
> To: Cisco-nsp
> Subject: [c-nsp] v6 NAT-PT Support
> 
> Dear All,
> 
> While doing a v6 NAT-PT test, I'm able to access v6 web but unable to browse
> the v4 Internet. For sure some config issue. Can anyone take a peek or
> suggest any alternative for THIS platform?
> 
> Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version
> 12.4(15)T7, RELEASE SOFTWARE (fc3)
> 
> Config:
> ---------
> 
> no ip cef
> !
> !
> ip name-server 2001:500::1035
> !
> ipv6 unicast-routing
> multilink bundle-name authenticated
> !
> !
> !
> controller E1 0/1/0
> !
> controller E1 0/1/1
> !
> no ip rcmd domain-lookup
> !
> !
> !
> !
> interface Loopback0
> no ip address
> ipv6 address 2001:abcd:101:1::1/64
> !
> interface Tunnel300
> description *** Tunnel to IPv6 Router ***
> no ip address
> ipv6 address 2001:abcd:101::2/65
> tunnel source 124.xx.xx.90
> tunnel destination 202.yy.yy.249
> tunnel mode ipv6ip
> !
> interface FastEthernet0/0
> description *** 124.xx.xx.90 ***
> ip address 124.xx.xx.90 255.255.255.252
> duplex auto
> speed auto
> ipv6 nat
> !
> interface FastEthernet0/1
> no ip address
> duplex auto
> speed auto
> ipv6 address 2001:abcd:101:0:8000::1/65
> ipv6 nat
> !
> !
> router bgp 64712
> bgp router-id 124.xx.xx.90
> no bgp default ipv4-unicast
> bgp log-neighbor-changes
> neighbor 2001:abcd:101::1 remote-as 9500
> neighbor 2001:abcd:101::1 password szabist
> !
> address-family ipv6
>  neighbor 2001:abcd:101::1 activate
>  network 2001:abcd:101:0:8000::/65
>  network 2001:abcd:101:1::/64
> exit-address-family
> !
> ip forward-protocol nd
> ip route 0.0.0.0 0.0.0.0 124.xx.xx.89
> !
> !
> ipv6 route 2001:abcd:101:0:8000::/65 Null0
> ipv6 route ::/0 2001:abcd:101::1
> ipv6 nat v6v4 source list v6-list pool v4pool
> ipv6 nat v6v4 pool v4pool 124.xx.xx.90 124.xx.xx.90 prefix-length 30
> ipv6 nat prefix 2001:abcd::/96
> !
> route-map map permit 10
> match interface FastEthernet0/1
> !
> !
> !
> !
> ipv6 access-list v6-list
> permit ipv6 2001:abcd:101:0:8000::/65 any
> 
> 
> Regards,
> 
> Aftab A. Siddiqui
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 


Harold Ritter
Directeur Technique/Technical Leader
Advanced Services Central Engineering
CCIE 4168 (R&S, SP)

harold at cisco.com
Telephone: 514 847 6856

Les Systèmes Cisco 
1800 McGill College
Suite 700
Montréal, Québec H3A 3J6
Canada
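
Added example (not part of the message above or of the Cisco documentation): a small Python model of the IPv4-mapped lookup described in the quoted documentation text, reusing the /96 prefix and the v6-list entry from the quoted configuration as sample values. The function names, the test packets, and the handling of a source that fails the access list are assumptions made for illustration.

```python
import ipaddress

# Sample values reused from the configuration quoted in this thread.
NAT_PT_PREFIX = ipaddress.ip_network("2001:abcd::/96")
V6_LIST = [ipaddress.ip_network("2001:abcd:101:0:8000::/65")]  # "v6-list" permit


def embed_ipv4(prefix, v4):
    """IPv6 destination an IPv6 host would use to reach IPv4 address v4."""
    if prefix.prefixlen != 96:
        raise ValueError("example assumes a /96 prefix (32 bits left for IPv4)")
    return ipaddress.IPv6Address(
        int(prefix.network_address) | int(ipaddress.IPv4Address(v4)))


def v4_mapped_lookup(src, dst, prefix=NAT_PT_PREFIX, acl=V6_LIST):
    """Return (verdict, IPv4 destination or None) for one IPv6 packet."""
    src = ipaddress.IPv6Address(src)
    dst = ipaddress.IPv6Address(dst)
    if dst not in prefix:
        return ("drop", None)            # prefix does not match
    if not any(src in net for net in acl):
        # Assumption: a source outside the access list gets no translation.
        return ("no-translation", None)
    # Last 32 bits of the IPv6 destination become the IPv4 destination.
    return ("translate", ipaddress.IPv4Address(int(dst) & 0xFFFFFFFF))


if __name__ == "__main__":
    # Constructed packets; 192.0.2.10 is a documentation address.
    target = embed_ipv4(NAT_PT_PREFIX, "192.0.2.10")
    for src, dst in [
        ("2001:abcd:101:0:8000::10", str(target)),   # LAN host, mapped dest
        ("2001:abcd:101:1::5", str(target)),         # source not in v6-list
        ("2001:abcd:101:0:8000::10", "2001:db8::1"), # dest outside the prefix
    ]:
        print(src, "->", dst, v4_mapped_lookup(src, dst))
```

In this model any 32-bit value in the low bits is accepted as an IPv4 destination, so the access list is the only control on which IPv6 sources are translated.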

 




 



