• Introduction
• Requirements
• Background
• Topology Diagram
• Summary Steps
• Configuration
• Verify Commands
• References

Introduction

This document discuss with an example how to configure dynamic overload mapping in NAT64.  The configuration is same as in the dynamic mapping except that in PAT, multiple IPv6 addresses are mapped to single IPv4 addresses. In other words NAT64 Dynamic overload mapping provides N:1 mapping of IPv6 addresses to IPv4 address.

Requirements

• Understanding of IPv6 Addressing Scheme

• Understanding NAT64

   

Background

This network set up has routers R1,R2 and R3 connected via Fast Ethernet interface. Loopback addresses are configured in routers R1 and R3 in order to generate networks.The router R1 is IPv4 router communicates with ASR using RIP.Router R3 is IPv6 router uses RIPv6 to communicate with ASR.The network address translations happen in ASR router by mapping specific translations to specific ports for a given IPv4 address.

Note: All configurations are tested in a lab environment on Cisco 2800 Routers operating on Cisco IOS 15.0 and ASR operating on Cisco IOS-XE 15.1(3)S4version.

Topology Diagram

Summary Steps

NAT64 Interface Configuration

1. ipv6 address <Specify an IPv6 address>
2. nat64 enable
3. exit

NAT64 Dynamic Overload Mapping Configuration

1. enable
2. configure terminal
3. ipv6 access-list <access-list-name>
4. permit ipv6 <ipv6-address >any
5. exit
   
6. nat64 prefix stateful <prefix>

Note: The above command enables the router to translate the source IP address to IPv6 by using the  Stateful NAT64 prefix

   7. nat64 v4 pool <pool-name> <start-ip-address end-ip-address>

   8. nat64 v6v4 list <access-list-name> pool <pool-name> overload

   9. exit

Configuration

Please see attached files for configuration of routers R1, R2 and R3.

IPv4 Router
ASR RouterIPv6 Router

Verify Commands

If you look at the configuration above, it is much similar to the Dynamic Mapping Configuration where the only difference is adding the keyword Overload to the NAT64 configuration statement.

In our case, the IPv6 router can reach all the IPv4 addresses (Loopback address configured) by using single IPv4 address which is 27.1.1.10 configured in NAT64 address pool.

Similarly You can ping from multiple IPv6 addresses (using the source as Loopback address) to the IPv4 side. All the IPv6 addresses will be mapped to single IPv4. In both the cases, specific address is mapped to specific ports. This can be verified with help of ping and debug commands

Verifying Connectivity Using Ping Command

Enable debug commands on both IPv4 and IPv6 routers and verify connectivity using ping command

In router R3

Ping router R1(IPv4 Router) interface fa0/1 and loopback addresses from router R3 (IPv6 router) by converting to their respective HEX format.

IPv6_Router#ping 2001::1414:1402 (HEX format Fa0/1 IPv4 address 20.20.20.2)

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::1414:1402, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms

IPv6_Router#ping 2001::f01:10a (HEX format Lo 10 IPv4 address 15.1.1.10)

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::F01:10A, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms

IPv6_Router#ping 2001::1901:10a(HEX format Lo 20 IPv4 address 25.1.1.10)

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::1901:10A, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms

IPv6_Router#ping 2001::2301:10a(HEX format Lo 30 IPv4 address 35.1.1.10)

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::2301:10A, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms

The debug ip icmp  command output on IPv4 router is shown below:

IPv4_Router#debug ip icmp
ICMP packet debugging is on
IPv4_Router#
*Dec 20 10:17:16.818: ICMP: echo reply sent, src 20.20.20.2, dst 27.1.1.10, topology BASE, dscp 0 topoid 0

*Dec 20 10:17:28.218: ICMP: echo reply sent, src 15.1.1.10, dst 27.1.1.10, topology BASE, dscp 0 topoid 0

*Dec 20 10:17:40.958: ICMP: echo reply sent, src 25.1.1.10, dst 27.1.1.10, topology BASE, dscp 0 topoid 0

*Dec 20 10:17:50.086: ICMP: echo reply sent, src 35.1.1.10, dst 27.1.1.10, topology BASE, dscp 0 topoid 0

<Output omitted>

From the above output you can see that all the ping replies are directed to single IPv4 address 27.1.1.10 configured in NAT64 address pool

The show nat64 translation command displays the address translations happened in detail.

ASR_Router#show nat64 translation

Proto  Original IPv4         Translated IPv4
       Translated IPv6       Original IPv6
----------------------------------------------------------------------------

icmp   35.1.1.10:4           [2001::2301:10a]:6575
       27.1.1.10:4           [4001::2]:6575
icmp   20.20.20.2:1          [2001::1414:1402]:9615
       27.1.1.10:1           [4001::2]:9615
icmp   25.1.1.10:3           [2001::1901:10a]:4815
       27.1.1.10:3           [4001::2]:4815
icmp   15.1.1.10:2           [2001::f01:10a]:6797
       27.1.1.10:2           [4001::2]:6797

Total number of translations: 4

The above output shows that the different address are mapped to different port and replied are sent to single IPv4 address which is 27.1.1.10

Similarly you can ping the IPv4 side from the configured IPv6 loopback addresses by using the command ping <IPv6 address> source <Interface address> and verify the translation on the ASR router with the command show nat64 translation

IPv6_Router#ping 2001::1414:1402 source lo 10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::1414:1402, timeout is 2 seconds:
Packet sent with a source address of 4001::10
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms
IPv6_Router#ping 2001::1414:1402 source lo 20

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::1414:1402, timeout is 2 seconds:
Packet sent with a source address of 4001::20
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms
IPv6_Router#ping 2001::1414:1402 source lo 30

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::1414:1402, timeout is 2 seconds:
Packet sent with a source address of 4001::30
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/4 ms
IPv6_Router#ping 2001::1414:1402 source g0/1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::1414:1402, timeout is 2 seconds:
Packet sent with a source address of 4001::2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/4 ms

ASR_Router#show nat64 translation

Proto  Original IPv4         Translated IPv4
       Translated IPv6       Original IPv6
----------------------------------------------------------------------------

icmp   20.20.20.2:2          [2001::1414:1402]:6454
       27.1.1.10:2           [4001::20]:6454
icmp   20.20.20.2:4          [2001::1414:1402]:2719
       27.1.1.10:4           [4001::2]:2719
icmp   20.20.20.2:1          [2001::1414:1402]:2001
       27.1.1.10:1           [4001::10]:2001
icmp   20.20.20.2:3          [2001::1414:1402]:3353
       27.1.1.10:3           [4001::30]:3353

Total number of translations: 4

The above output shows that the different IPv6 loopback  addresses are translated to single IPv4 address 27.1.1.10 by mapping them in to different ports.

Some useful show commands that can be used to see NAT64 translations in ASR router

Show nat64 mappings static

This command display the information about the Network Address Translation 64 (NAT64) dynamic mappings, use this command.

ASR_Router#show nat64 mappings dynamic

Dynamic mappings configured: 1

Direction ACL
   Pool                             Flags

v6v4      ACLv6
   pool1                            0x00000001 (overload)

Show nat64 adjacency ipv6

This command displays the information about the Network Address Translation 64 (NAT64) managed adjacencies.

ASR_Router#show nat64 adjacency ipv6

Adjacency Counts

   Stateless Prefix Adjacencies: 0
   Stateless Prefix Adjacency Ref Count: 0
   v4v6 Stateless Prefix Adjacencies: 0
   v4v6 Stateless Prefix Adjacency Ref Count: 0
   v6v4 Stateless Prefix Adjacencies: 0
   v6v4 Stateless Prefix Adjacency Ref Count: 0
   Stateful Prefix Adjacencies: 1
   Stateful Prefix Adjacency Ref Count: 1
   IPv6 Well-Known Prefix Adjacencies: 1
   IPv6 Well-Known Prefix Adjacency Ref Count: 1
   IPv6 Static Mapping Adjacencies: 0
   IPv6 Static Mapping Adjacency Ref Count: 0
   IPv4 Static Mapping Adjacencies: 0
   IPv4 Static Mapping Adjacency Ref Count: 0
   IPv4 Pool Adjacencies: 1
   IPv4 Pool Adjacency Ref Count: 1
   IPv4 Route Adjacencies: 0

Adjacencies

   Stateful Prefix: ::100.0.0.1
   IPv6 Well-Known Prefix: ::100.0.0.2
   IPv6 Stateful Mask: ::100.0.0.0
   IPv4 Pool: 100.0.0.2
   IPv4 Stateful Mask: 100.0.0.0

Show nat64 prefix stateful

Using this command, you can check the information about Network Address Translation 64 (NAT64) stateful prefixes. Global prefixes, nat64 configured intrerfaces and prefix static-routes will be displayed.

ASR_Router#show nat64 prefix stateful global (Displays the global prefixes)

Global Stateful Prefix: is valid, 2001::/96

IFs Using Global Prefix

   Gi0/0/0
   Gi0/0/1

ASR_Router#show nat64 prefix stateful interfaces (Displays the nat64 enabled interfaces)
Stateful Prefixes

Interface
   NAT64 Enabled Global Prefix

GigabitEthernet0/0/0
   TRUE          TRUE   2001::/96
GigabitEthernet0/0/1
   TRUE          TRUE   2001::/96

ASR_Router#show nat64 prefix stateful static-routes (Displays the static-routes)
Stateful Prefixes

NAT64 Prefix
   Static Route Ref-Count

2001::/96
   1

Show nat64 statistics

To display Network Address Translation 64 (NAT64) packet count statistics use this command

ASR_Router#show nat64 statistics
NAT64 Statistics

Total active translations: 1 (0 static, 1 dynamic; 1 extended)
Sessions found: 251
Sessions created: 29
Expired translations: 26
Global Stats:
   Packets translated (IPv4 -> IPv6)
      Stateless: 0
      Stateful: 135
   Packets translated (IPv6 -> IPv4)
      Stateless: 0
      Stateful: 140

Interface Statistics
   GigabitEthernet0/0/0 (IPv4 configured, IPv6 configured):
      Packets translated (IPv4 -> IPv6)
         Stateless: 0
         Stateful: 0
      Packets translated (IPv6 -> IPv4)
         Stateless: 0
         Stateful: 140
      Packets dropped: 0
   GigabitEthernet0/0/1 (IPv4 configured, IPv6 not configured):
      Packets translated (IPv4 -> IPv6)
         Stateless: 0
         Stateful: 135
      Packets translated (IPv6 -> IPv4)
         Stateless: 0
         Stateful: 0
      Packets dropped: 5
Dynamic Mapping Statistics
   v6v4
      access-list ACLv6 pool pool1 refcount 1
         pool pool1:
            start 27.1.1.10 end 27.1.1.10
            total addresses 1, allocated 1 (100%)
            address exhaustion packet count 0
Limit Statistics

References

• NAT64 Technology: Connecting IPv6 and IPv4 Networks
• NAT64—Stateless versus Stateful
• Stateful Network Address Translation 64
• Stateless IPv6 NAT64 Configuration
• IP Version 6 (IPv6) - Cisco Systems
• Cisco IOS IPv6 Command Reference
• IPv6 - Frequently Asked Questions

Routing Information Protocol