This document discuss with an example how to configure NAT64 using dynamic mapping. In this dynamic configuration an IPv4 address pool is created and is associated with an IPv6 ACL. The translation is done in such a way that there is one to one mapping of IPv6 address to the configured IPv4 address pool. Note that in case of dynamic mapping the initial communication needs to flow from IPv6 network towards the IPv4 network.
Understanding of IPv6 Addressing Scheme
In this configuration example, routers R1,R2 and R3 are connected via fast Ethernet interface.The router R1 is IPv4only router and router R3 is IPv6 only router. Both R1 and R2 are connected to ASR and has static routes configured pointing towards the respective ASR interface. The network address translations happen in ASR router using dynamic mappings of IPv6 address to the IPv4 address pool.
Note: All configurations are tested in a lab environment on Cisco 2800 Routers operating on Cisco IOS 15.0 and ASR operating on Cisco IOS-XE 15.1(3)S4version.
NAT64 Interface Configuration
ipv6 address <Specify an IPv6 address>
NAT64 Dynamic Configuration
ipv6 access-list <access-list-name>
permit ipv6<ipv6-address >any
nat64 prefix stateful <prefix>
Note: The above command enables the router to translate the source IP address to IPv6 by using the Stateful NAT64 prefix
7. nat64 v4 pool <pool-name> <start-ip-address end-ip-address>
! interface GigabitEthernet0/0/1 ip address 18.104.22.168 255.255.255.0 load-interval 30 negotiation auto nat64 enable cdp enable ! ! ipv6 access-list ACLv6 permit ipv6 4001::/64 any ! ! nat64 prefix stateful 2001::/96 nat64 v4 pool pool1 22.214.171.124 126.96.36.199 nat64 v6v4 list ACLv6 pool pool1 ! end
! version 15.0 ! hostname IPv6_Only_Router ! ! ipv6 unicast-routing ipv6 cef ! ! interface GigabitEthernet0/1 ip address 10.10.10.2 255.255.255.0 duplex auto speed auto ipv6 address 4001::2/96 ! ! ipv6 route 2001::/96 4001::1 ! ! end
Verifying Connectivity Using Ping Command
You can verify the connectivity across IPv4 and IPv6 network by using the ping command and to verify the translations happen at IPv4 side and IPv6 side of the network use the command debug ip icmp on router R1(IPv4_Only_Router) and debug ipv6 icmp on router R3(IPv6_Only_Router).
In router R3
Try ping router R1(IPv4 only network)is represented by the IPv6 address 2001::1414:1402.
Note: The IPv6 address 2001::1414:1402 is nothing but the Router R1's (IPv4 Router) interface Fa0/1 address 188.8.131.52 in HEX format.
IPv6_Only_Router#debug ipv6 icmp ICMP Packet debugging is on IPv6_Only_Router#ping 2001::1414:1402
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001::1414:1402, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms IPv6_Only_Router# *Dec 14 13:03:17.026: ICMPv6: Sent echo request, src=4001::2, Dst=2001::1414:1402 *Dec 14 13:03:17.026: ICMPv6: Received echo reply, src=2001::1414:1402, Dst=4001::2 *Dec 14 13:03:17.026: ICMPv6: Sent echo request, src=4001::2, Dst=2001::1414:1402 *Dec 14 13:03:17.030: ICMPv6: Received echo reply, src=2001::1414:1402, Dst=4001::2 *Dec 14 13:03:17.030: ICMPv6: Sent echo request, src=4001::2, Dst=2001::1414:1402 *Dec 14 13:03:17.030: ICMPv6: Received echo reply, src=2001::1414:1402, Dst=4001::2 *Dec 14 13:03:17.030: ICMPv6: Sent echo request, src=4001::2, Dst=2001::1414:1402 *Dec 14 13:03:17.034: ICMPv6: Received echo reply, src=2001::1414:1402, Dst=4001::2 *Dec 14 13:03:17.034: ICMPv6: Sent echo request, src=4001::2, Dst=2001::1414:1402 *Dec 14 13:03:17.034: ICMPv6: Received echo reply, src=2001::1414:1402, Dst=4001::2
Note that ping is initiated from the IPv6 side of the network and we receive successful replies from the router R1.Enable the debug ip icmp in the router R1 as well you can, see that the replies are being sent to 184.108.40.206 which is the IP address configured in the dynamic nat64 pool. The debug output from router R1(IPv4_Only_Router) is shown below:
Using this command, you can check the information about Network Address Translation 64 (NAT64) stateful prefixes. Global prefixes, nat64 configured intrerfaces and prefix static-routes will be displayed.
ASR_Router#show nat64 prefix stateful global (Displays the global prefixes)
Global Stateful Prefix: is valid, 3001::/96
IFs Using Global Prefix
ASR_Router#show nat64 prefix stateful static-routes (Displays the static-routes) Stateful Prefixes