Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1601
Views
4
Helpful
16
Replies

NAT64 DROPS COMING FROM IPV6 TO IPV4

Go to solution
shaileshtata1
Level 1
Level 1

‎11-08-2023 04:55 AM

***Configuration on Bridge Domain  for NAT64 on IR8340 *************

interface BDI1
ip address 9.1.1.2 255.255.255.0
ipv6 address 3001:11:0:1::1/64
ipv6 enable
encapsulation dot1Q 11
nat64 enable
end

nat64 prefix stateful 3001::/96
nat64 v4v6 static 9.1.1.3 3001::960B:202
nat64 v4v6 static 150.11.2.2 2001::960B:201
nat64 v6v4 static 2001:11:0:1::2 150.11.7.2
nat64 v6v4 static 3001:11:0:1::2 9.1.7.2

drops coming although intermittent ping happening from IPv6 to IPv6 translation of IPv4 device.

IR8340#sh nat64 statistics int bdi1
NAT64 Statistics

Interface Statistics
BDI1 (IPv4 configured, IPv6 configured):
Packets translated (IPv4 -> IPv6)
Stateless: 0
Stateful: 234
nat46: 0
MAP-T: 0
MAP-E: 0
Packets translated (IPv6 -> IPv4)
Stateless: 0
Stateful: 220
nat46: 0
MAP-T: 0
MAP-E: 0
Packets dropped: 16

following drops messages are coming 

IR8340#sh platform hardware qfp active feature nat64 datapath statistics
non-extended 4 statics 4 ext_binds 0
v6v4 xlated pkts 689
v4v6 xlated pkts 703
NAT46 v4v6 xlated pkts 0
NAT46 v6v4 xlated pkts 0
generated tcp csum 0
generated udp csum 0
Proxy Stats ipc retry fail 0
Alias: add 0 del 0 add_fail 0 del_fail 0
nat64_v6tov4_pkts 0 nat64_v4tov6_pkts 0 nat64_fbd_hits 0
NAT64_DROP_SC_PROCESS_V6_ERR 317
NAT64_DROP_SC_CLASSIFY_V6V4_FAIL 317
NAT64_DROP_SC_NO_N64_SB 6

if anyone know the reason or cause please help ?? urgent help required.

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
shaileshtata1
Level 1
Level 1

‎12-20-2023 10:17 PM

Finally the issue was resolved.

Config was perfectly fine.

The issue was IPv6 stack of End device .

In TX340s the IPv6 stack responds to Auto Configuration when it is in static configuration after some time. Thus it starts sending packets with EUI-64 IPv6 address after some time.

Thanks everyone for the response. 

 

View solution in original post

16 Replies 16

Go to solution
Rich R
VIP
VIP

‎11-09-2023 08:01 AM

1. Make sure your IOS-XE version is up to date to eliminate any known/fixed bugs.  What version are you using?

2. Use packet trace to identify the specific point at which the packets are getting dropped and why?  Even then the reason may not always be clear and you might need to open a TAC case.
https://www.cisco.com/c/en/us/support/docs/content-networking/adaptive-session-redundancy-asr/117858-technote-asr-00.html

 

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

Go to solution
shaileshtata1
Level 1
Level 1
In response to Rich R

‎11-19-2023 11:22 PM

Thanks Rich 

1. Make sure your IOS-XE version is up to date to eliminate any known/fixed bugs.  What version are you using?

Ans : It is up to date and the version is 17.8.1a 

Drop reasons is already coming as following only thing is description of these codes is unavailable  

NAT64_DROP_SC_PROCESS_V6_ERR 317
NAT64_DROP_SC_CLASSIFY_V6V4_FAIL 317

 

 

0 Helpful

Go to solution
Rich R
VIP
VIP
In response to shaileshtata1

‎11-20-2023 04:14 AM

>Ans : It is up to date and the version is 17.8.1a 
Are you joking?  17.8 is a limited support release - it will never get any rebuilds with bug fixes and is already out of date. https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-xe-17/ios-xe-17-8-x-eol.html
You should only ever be using a limited support release for a short time to get a specific new feature or fix before a suitable extended support release is available, and then you should plan to migrate to the appropriate extended support release as soon as it is available.
In your case you should be using 17.9.4a.  The next extended support release train is 17.12 so you should already be planning to move to 17.12 when 17.9 approaches end of software maintenance.
https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-xe-17/ios-xe-17-9-x-eol.html

1. Upgrade to 17.9.4a (because that's probably the first thing TAC will tell you anyway).

2. If you still see the problem on 17.9.4a then open a TAC case to diagnose it.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

Go to solution
shaileshtata1
Level 1
Level 1

‎12-03-2023 08:53 PM

Hi Rich ,  We updated the SW version to 17.9.4a but still the issue persists. 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to shaileshtata1

‎12-03-2023 09:50 PM

Can you share config you use

MHM

0 Helpful

Go to solution
shaileshtata1
Level 1
Level 1
In response to MHM Cisco World

‎12-03-2023 11:57 PM

Hi the following is the configuration being used 

 

***Configuration on Bridge Domain  for NAT64 on IR8340 *************

interface BDI1
ip address 9.1.1.2 255.255.255.0
ipv6 address 3001:11:0:1::1/64
ipv6 enable
encapsulation dot1Q 11
nat64 enable
end

nat64 prefix stateful 3001::/96
nat64 v4v6 static 9.1.1.3 3001::960B:202
nat64 v4v6 static 150.11.2.2 2001::960B:201
nat64 v6v4 static 2001:11:0:1::2 150.11.7.2
nat64 v6v4 static 3001:11:0:1::2 9.1.7.2

 

 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to shaileshtata1

‎12-04-2023 10:06 AM

Sorry for my little info. But I try help here.

NAT64 used between interface have ipv4 and other interface have ipv6' it NATing ipv4toipv6

Here I see BDI have both ip (dual stack) and NAT64 enable!!!

MHM

0 Helpful

Go to solution
Rich R
VIP
VIP
In response to shaileshtata1

‎12-04-2023 03:53 AM

Did you do a Datapath Packet Trace as advised in my first reply?

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

Go to solution
shaileshtata1
Level 1
Level 1

‎12-04-2023 05:39 AM

Hi All , 

Test Setup as follows :

shaileshtata1_0-1701696960110.png

 

Configuration Done on Router as follows :

 

Current bridge-domain configuration:
1
member GigabitEthernet0/0/0 service-instance 1
member Vlan11 service-instance 1

!
end

interface BDI1
mtu 1650
ip address 9.1.1.2 255.255.255.0
ip pim dense-mode
ipv6 address 3001:11:0:1::2/64
ipv6 enable
encapsulation dot1Q 11
nat64 enable
end

interface Vlan11
no ip address
service instance 1 ethernet
encapsulation dot1q 1-4094
!
end

!
interface GigabitEthernet0/1/5
switchport access vlan 11
switchport mode access
end

interface GigabitEthernet0/1/6
switchport access vlan 11
switchport mode access
end

nat64 prefix stateful 3001::/96
nat64 v4v6 static 9.1.1.3 3001::960B:202
nat64 v6v4 static 3001:11:0:1::3 9.1.7.2

 

Any help offered will ne highly appreciated.

 

 

 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to shaileshtata1

‎12-04-2023 10:08 AM

Check my note above'

You need two interface in route not use BDI dual stack 

MHM

0 Helpful

Go to solution
shaileshtata1
Level 1
Level 1
In response to MHM Cisco World

‎12-04-2023 09:11 PM

1. All Ethernet ports L2 switch ports only. Can i have 02 different VLANs : One for IPv4 & another IPv6 and route them , Then it shall work .

thanks in advance for the response 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to shaileshtata1

‎12-04-2023 09:17 PM

Vlan SVI or l3 port NAT64 work in any l3 interface.

MHM

0 Helpful

Go to solution
shaileshtata1
Level 1
Level 1
In response to MHM Cisco World

‎12-04-2023 10:27 PM

But it is working for IPv4 and sometimes for IPv6 also. Why it starts dropping packets. 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to shaileshtata1

‎12-04-2023 10:29 PM

Did you config vlan? 

Share last config 

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card