Cisco Support Community

IPv6 Stateful NAT64 Dynamic Mapping Configuration Example

 

 

Introduction

This document discusses, with an example, how to configure NAT64 using dynamic mapping. In this dynamic configuration, an IPv4 address pool is created and associated with an IPv6 ACL. The translation is done in such a way that there is a one-to-one mapping of IPv6 addresses to the configured IPv4 address pool. Note that with dynamic mapping the initial communication needs to flow from the IPv6 network towards the IPv4 network.

 

Requirements

 

  • Understanding of IPv6 Addressing Scheme
  • Understanding NAT64

     

Background

 

In this configuration example, routers R1, R2 and R3 are connected via Fast Ethernet interfaces. Router R1 is an IPv4-only router and router R3 is an IPv6-only router. Both R1 and R2 are connected to the ASR and have static routes configured pointing towards the respective ASR interface. The network address translation happens in the ASR router using dynamic mappings of IPv6 addresses to the IPv4 address pool.

 

Note: All configurations are tested in a lab environment on Cisco 2800 Routers running Cisco IOS 15.0 and an ASR running Cisco IOS-XE 15.1(3)S4.

 

Topology Diagram

 

dynamicnat64netdiag.jpeg

 

Summary Steps

 

NAT64 Interface Configuration

  1. ipv6 address <Specify an IPv6 address>
  2. nat64 enable
  3. exit

 

NAT64 Dynamic Configuration

  1. enable
  2. configure terminal
  3. ipv6 access-list <access-list-name>
  4. permit ipv6 <ipv6-address> any
  5. exit
  6. nat64 prefix stateful <prefix>

Note: The above command enables the router to translate the source IP address to IPv6 by using the stateful NAT64 prefix.

  7. nat64 v4 pool <pool-name> <start-ip-address end-ip-address>
  8. nat64 v6v4 list <access-list-name> pool <pool-name>
  9. exit

 

Configuration

 

 

Router R1 (IPv4 Only Router)

!
version 15.0
!
hostname IPv4_Only_Router
!
ip cef
!
interface FastEthernet0/1
 ip address 20.20.20.2 255.255.255.0
 duplex auto
 speed auto
!
! Route to the NAT64 IPv4 pool addresses via the ASR
ip route 27.1.1.0 255.255.255.0 20.20.20.1
!
end

Router R2 (ASR Router)

!
version 15.1
!
hostname ASR_Router
!
!
ipv6 unicast-routing
!
!
! IPv6-facing interface
interface GigabitEthernet0/0/0
 ipv6 address 4001::1/96
 nat64 enable
 cdp enable
!
! IPv4-facing interface
interface GigabitEthernet0/0/1
 ip address 20.20.20.1 255.255.255.0
 load-interval 30
 negotiation auto
 nat64 enable
 cdp enable
!
!
! IPv6 sources that are eligible for translation
ipv6 access-list ACLv6
 permit ipv6 4001::/64 any
!
!
! IPv4 hosts are represented inside this prefix on the IPv6 side
nat64 prefix stateful 2001::/96
! IPv4 addresses assigned to the IPv6 hosts matched by ACLv6
nat64 v4 pool pool1 27.1.1.10 27.1.1.11
nat64 v6v4 list ACLv6 pool pool1
!
end

Router R3 (IPv6 Only Router)

!
version 15.0
!
hostname IPv6_Only_Router
!
!
ipv6 unicast-routing
ipv6 cef
!
!
interface GigabitEthernet0/1
 ip address 10.10.10.2 255.255.255.0
 duplex auto
 speed auto
 ipv6 address 4001::2/96
!
!
! Send traffic for the NAT64 prefix to the ASR
ipv6 route 2001::/96 4001::1
!
!
end

 

 

Verify Commands

 

Verifying Connectivity Using Ping Command

 

You can verify connectivity across the IPv4 and IPv6 networks by using the ping command. To verify that the translations happen on the IPv4 side and the IPv6 side of the network, use the command debug ip icmp on router R1 (IPv4_Only_Router) and debug ipv6 icmp on router R3 (IPv6_Only_Router).

 

In router R3

 

Ping router R1 (the IPv4-only network), which is represented by the IPv6 address 2001::1414:1402.

 

Note: The IPv6 address 2001::1414:1402 is Router R1's (IPv4 router) interface Fa0/1 address 20.20.20.2 written in hexadecimal format.
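The mapping in the note above can be computed in both directions, which helps when you need to turn an IPv6 destination seen in IPv6-side logs back into the real IPv4 host. The following is an added example, not part of the original document; it uses the page's prefix 2001::/96 and also covers the other prefix lengths defined in RFC 6052, which is a generalization beyond the /96 case shown here. The function names are hypothetical.

```python
import ipaddress

# RFC 6052 prefix lengths; octet 8 (bits 64-71, the "u" octet) is reserved
# and must be zero, so the IPv4 bytes are written around it.
RFC6052_LENGTHS = (32, 40, 48, 56, 64, 96)

def _v4_positions(prefixlen):
    """Byte offsets inside the IPv6 address that carry the four IPv4 bytes."""
    if prefixlen not in RFC6052_LENGTHS:
        raise ValueError(f"/{prefixlen} is not an RFC 6052 prefix length")
    offsets, pos = [], prefixlen // 8
    while len(offsets) < 4:
        if pos != 8:              # skip the reserved octet
            offsets.append(pos)
        pos += 1
    return offsets

def embed(prefix, ipv4):
    """IPv6 address that represents `ipv4` behind the NAT64 `prefix`."""
    net = ipaddress.IPv6Network(prefix)
    raw = bytearray(net.network_address.packed)
    v4 = ipaddress.IPv4Address(ipv4).packed
    for off, byte in zip(_v4_positions(net.prefixlen), v4):
        raw[off] = byte
    return ipaddress.IPv6Address(bytes(raw))

def extract(prefix, ipv6):
    """IPv4 address embedded in `ipv6`, or None if it is outside `prefix`."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        return None
    raw = addr.packed
    return ipaddress.IPv4Address(bytes(raw[o] for o in _v4_positions(net.prefixlen)))

# Values from this page: the stateful prefix and R1's Fa0/1 address.
PAGE_PREFIX, R1_IPV4 = "2001::/96", "20.20.20.2"

if __name__ == "__main__":
    print(embed(PAGE_PREFIX, R1_IPV4))
    print(extract(PAGE_PREFIX, "2001::1414:1402"))
    print(extract(PAGE_PREFIX, "4001::2"))   # R3's own address is not in the prefix
```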

 

IPv6_Only_Router#debug ipv6 icmp
  ICMP Packet debugging is on
IPv6_Only_Router#ping 2001::1414:1402

 

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::1414:1402, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms
IPv6_Only_Router#
*Dec 14 13:03:17.026: ICMPv6: Sent echo request, src=4001::2, Dst=2001::1414:1402
*Dec 14 13:03:17.026: ICMPv6: Received echo reply, src=2001::1414:1402, Dst=4001::2
*Dec 14 13:03:17.026: ICMPv6: Sent echo request, src=4001::2, Dst=2001::1414:1402
*Dec 14 13:03:17.030: ICMPv6: Received echo reply, src=2001::1414:1402, Dst=4001::2
*Dec 14 13:03:17.030: ICMPv6: Sent echo request, src=4001::2, Dst=2001::1414:1402
*Dec 14 13:03:17.030: ICMPv6: Received echo reply, src=2001::1414:1402, Dst=4001::2
*Dec 14 13:03:17.030: ICMPv6: Sent echo request, src=4001::2, Dst=2001::1414:1402
*Dec 14 13:03:17.034: ICMPv6: Received echo reply, src=2001::1414:1402, Dst=4001::2
*Dec 14 13:03:17.034: ICMPv6: Sent echo request, src=4001::2, Dst=2001::1414:1402
*Dec 14 13:03:17.034: ICMPv6: Received echo reply, src=2001::1414:1402, Dst=4001::2

 

Note that the ping is initiated from the IPv6 side of the network and successful replies are received from router R1. If you also enable debug ip icmp on router R1, you can see that the replies are being sent to 27.1.1.10, which is the IP address configured in the dynamic NAT64 pool. The debug output from router R1 (IPv4_Only_Router) is shown below:

 

*Dec 14 12:42:41.078: ICMP: echo reply sent, src 20.20.20.2, dst 27.1.1.10, topology BASE, dscp 0 topoid 0
*Dec 14 12:42:41.078: ICMP: echo reply sent, src 20.20.20.2, dst 27.1.1.10, topology BASE, dscp 0 topoid 0
*Dec 14 12:42:41.078: ICMP: echo reply sent, src 20.20.20.2, dst 27.1.1.10, topology BASE, dscp 0 topoid 0
*Dec 14 12:42:41.082: ICMP: echo reply sent, src 20.20.20.2, dst 27.1.1.10, topology BASE, dscp 0 topoid 0
*Dec 14 12:42:41.082: ICMP: echo reply sent, src 20.20.20.2, dst 27.1.1.10, topology BASE, dscp 0 topoid 0
*Dec 14 12:42:50.386: ICMP: echo reply sent, src 20.20.20.2, dst 27.1.1.10, topology BASE, dscp 0 topoid 0
*Dec 14 12:42:50.390: ICMP: echo reply sent, src 20.20.20.2, dst 27.1.1.10, topology BASE, dscp 0 topoid 0
*Dec 14 12:42:50.390: ICMP: echo reply sent, src 20.20.20.2, dst 27.1.1.10, topology BASE, dscp 0 topoid 0
*Dec 14 12:42:50.394: ICMP: echo reply sent, src 20.20.20.2, dst 27.1.1.10, topology BASE, dscp 0 topoid 0
*Dec 14 12:42:50.394: ICMP: echo reply sent, src 20.20.20.2, dst 27.1.1.10, topology BASE, dscp 0 topoid 0

 

The connectivity from the IPv4 network to the IPv6 network is verified by pinging the IPv4 address 27.1.1.10, which represents the IPv6 side.

 

Note: The IPv4 address 27.1.1.10 is the address configured in the NAT64 address pool.

 

IPv4_Only_Router#ping 27.1.1.10

 

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 27.1.1.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

 

*Dec 14 13:09:26.254: ICMPv6: Received echo request, src=2001::1414:1402, Dst=4001::2
*Dec 14 13:09:26.254: ICMPv6: Sent echo reply, src=4001::2, Dst=2001::1414:1402
*Dec 14 13:09:26.254: ICMPv6: Received echo request, src=2001::1414:1402, Dst=4001::2
*Dec 14 13:09:26.254: ICMPv6: Sent echo reply, src=4001::2, Dst=2001::1414:1402
*Dec 14 13:09:26.258: ICMPv6: Received echo request, src=2001::1414:1402, Dst=4001::2
*Dec 14 13:09:26.258: ICMPv6: Sent echo reply, src=4001::2, Dst=2001::1414:1402
*Dec 14 13:09:26.258: ICMPv6: Received echo request, src=2001::1414:1402, Dst=4001::2
*Dec 14 13:09:26.258: ICMPv6: Sent echo reply, src=4001::2, Dst=2001::1414:1402
*Dec 14 13:09:26.262: ICMPv6: Received echo request, src=2001::1414:1402, Dst=4001::2
*Dec 14 13:09:26.262: ICMPv6: Sent echo reply, src=4001::2, Dst=2001::1414:1402

 

The following show commands can be used to see the NAT64 translations that happen in the ASR router.

 

Show nat64 translation

 

To display the NAT64 translations in the ASR, use this command:

 

ASR_Router#show nat64 translation

Proto  Original IPv4         Translated IPv4
        Translated IPv6       Original IPv6
----------------------------------------------------------------------------

---    ---                   ---
        27.1.1.10             4001::2
icmp   20.20.20.2:1          [2001::1414:1402]:1
        27.1.1.10:1           [4001::2]:1
icmp   20.20.20.2:3502       [2001::1414:1402]:3502
        27.1.1.10:3502        [4001::2]:3502

Total number of translations: 3
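IPv4-side logs, such as R1's debug output above, only ever show the pool address 27.1.1.10, so the translation table is what ties that address back to an IPv6 host. The following added example (not part of the original document) parses the two-line entries of the output above and answers that question; the sample text is copied from this page, and the function and field names are hypothetical.

```python
import re

# Constructed sample: the `show nat64 translation` output shown on this page.
SAMPLE = """\
Proto  Original IPv4         Translated IPv4
        Translated IPv6       Original IPv6
----------------------------------------------------------------------------

---    ---                   ---
        27.1.1.10             4001::2
icmp   20.20.20.2:1          [2001::1414:1402]:1
        27.1.1.10:1           [4001::2]:1
icmp   20.20.20.2:3502       [2001::1414:1402]:3502
        27.1.1.10:3502        [4001::2]:3502

Total number of translations: 3
"""

def split_endpoint(tok):
    # '[4001::2]:1' -> ('4001::2', 1); '27.1.1.10' -> ('27.1.1.10', None)
    if tok == "---":
        return (None, None)
    m = re.fullmatch(r"(?:\[([0-9A-Fa-f:.]+)\]|([\d.]+)):(\d+)", tok)
    if m:
        return (m.group(1) or m.group(2), int(m.group(3)))
    return (tok, None)

def parse_translations(text):
    # Entries start after the dashed rule; each entry spans two lines.
    body, started = [], False
    for line in text.splitlines():
        if re.fullmatch(r"-{10,}", line.strip()):
            started = True
        elif started and line.strip() and not line.startswith("Total"):
            body.append(line.split())
    entries = []
    for (proto, v4, v4_as_v6), (pool, v6) in zip(body[0::2], body[1::2]):
        entries.append({
            "proto": None if proto == "---" else proto,
            "v4_host": split_endpoint(v4),             # Original IPv4
            "v4_host_as_v6": split_endpoint(v4_as_v6), # Translated IPv4
            "pool_v4": split_endpoint(pool),           # Translated IPv6
            "v6_host": split_endpoint(v6),             # Original IPv6
        })
    return entries

def v6_hosts_behind(entries, pool_addr):
    # IPv6 hosts that an IPv4-side log line for pool_addr could refer to
    return sorted({e["v6_host"][0] for e in entries if e["pool_v4"][0] == pool_addr})
```

Because dynamic entries expire, capture this table close to the time of the event you are attributing.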

 

Show nat64 mappings dynamic

 

To display the information about the Network Address Translation 64 (NAT64) dynamic mappings, use this command.

 

ASR_Router#show nat64 mappings dynamic

Dynamic mappings configured: 1

Direction ACL
   Pool                             Flags

v6v4      ACLv6
   pool1                            0x00000000 (none)

Show nat64 adjacency ipv6

 

This command displays the information about the Network Address Translation 64 (NAT64) managed adjacencies.

 

ASR_Router#show nat64 adjacency ipv6

 

Adjacency Counts

 

   Stateless Prefix Adjacencies: 0
   Stateless Prefix Adjacency Ref Count: 0
   v4v6 Stateless Prefix Adjacencies: 0
   v4v6 Stateless Prefix Adjacency Ref Count: 0
   v6v4 Stateless Prefix Adjacencies: 0
   v6v4 Stateless Prefix Adjacency Ref Count: 0
   Stateful Prefix Adjacencies: 1
   Stateful Prefix Adjacency Ref Count: 1
   IPv6 Well-Known Prefix Adjacencies: 1
   IPv6 Well-Known Prefix Adjacency Ref Count: 1
   IPv6 Static Mapping Adjacencies: 0
   IPv6 Static Mapping Adjacency Ref Count: 0
   IPv4 Route Adjacencies: 0


Adjacencies

 

   Stateful Prefix: ::100.0.0.1
   IPv6 Well-Known Prefix: ::100.0.0.2
   IPv6 Stateful Mask: ::100.0.0.0

 

Show nat64 prefix stateful

 

Using this command, you can check the information about Network Address Translation 64 (NAT64) stateful prefixes. Global prefixes, NAT64-configured interfaces and prefix static routes are displayed.

 

ASR_Router#show nat64 prefix stateful global (Displays the global prefixes)

 

Global Stateful Prefix: is valid, 3001::/96

IFs Using Global Prefix

   Fa0/2/6
   Fa0/2/7

 


ASR_Router#show nat64 prefix stateful static-routes (Displays the static-routes)
Stateful Prefixes


NAT64 Prefix
   Static Route Ref-Count

3001::/96
   1

 

ASR_Router#show nat64 prefix stateful interfaces (Displays the nat64 enabled interfaces)
Stateful Prefixes

 

Interface
   NAT64 Enabled Global Prefix

 

FastEthernet0/2/6
   TRUE          TRUE   3001::/96
FastEthernet0/2/7
   TRUE          TRUE   3001::/96

 

Show nat64 statistics

 

To display Network Address Translation 64 (NAT64) packet count statistics, use this command:


ASR_Router#show nat64 statistics
NAT64 Statistics

Total active translations: 2 (0 static, 2 dynamic; 1 extended)
Sessions found: 242
Sessions created: 28
Expired translations: 25
Global Stats:
   Packets translated (IPv4 -> IPv6)
      Stateless: 0
      Stateful: 130
   Packets translated (IPv6 -> IPv4)
      Stateless: 0
      Stateful: 135

Interface Statistics
   GigabitEthernet0/0/0 (IPv4 configured, IPv6 configured):
      Packets translated (IPv4 -> IPv6)
         Stateless: 0
         Stateful: 0
      Packets translated (IPv6 -> IPv4)
         Stateless: 0
         Stateful: 135
      Packets dropped: 0
   GigabitEthernet0/0/1 (IPv4 configured, IPv6 not configured):
      Packets translated (IPv4 -> IPv6)
         Stateless: 0
         Stateful: 130
      Packets translated (IPv6 -> IPv4)
         Stateless: 0
         Stateful: 0
      Packets dropped: 5
Dynamic Mapping Statistics
   v6v4
      access-list ACLv6 pool pool1 refcount 2
         pool pool1:
            start 27.1.1.10 end 27.1.1.11
            total addresses 2, allocated 1 (50%)
            address exhaustion packet count 0
Limit Statistics

Comments
Community Member

aah..i need to put this in lab now..

Community Member

Hi Sivagami,

Is there any hardware or software limitation for the router who is doing the translation job? So according to your design, the router R2 is an ASR, do we have to have specific hardware like ASR?

Please reply because I am starting to set this up in the along with the 'overload' scenario.

-Thanks,

Deepak A.

Hi Deepak,

You are right! The NAT64 feature is implemented from IOS XE 3.2S release onwards.

Hope this helps

Thanks

Sivagami.N
