williwu
Cisco Employee

I have heard a few customers complain that the NAT64 document http://www.cisco.com/en/US/docs/ios/ios_xe/ipaddr/configuration/guide/iad_stateless_nat64_xe.html is difficult to understand, especially because it lacks a network diagram showing the corresponding interfaces and the whereabouts of the IPv4 and IPv6 addresses.

This posting is intended to provide a working example along with a detailed network diagram.

Network Diagram

Nat64.jpg


The goal is for the IPv4 router R1 to communicate with the IPv6 subnet host at R2's F0/1 interface. Since R1 is an IPv4-only device, it does not understand IPv6 addresses; it needs an IPv4 address to communicate with. In this case, the IPv4 subnet we chose is 192.1.1.0/24. The nat64 prefix defines the stateless NAT64 prefix that is added to the IPv4 hosts' addresses to translate an IPv4 address into an IPv6 address. Please refer to this link for the IPv4-translatable IPv6 address format: http://www.cisco.com/en/US/docs/ios/ios_xe/ipaddr/configuration/guide/iad_stateless_nat64_xe.html#wp1070936

Address Translation Between IPv4 and IPv6:

Destination Translation:

Upon receiving an IPv4 packet destined to 192.1.1.1, NAT64 translates the destination IPv4 address into the IPv6 address 2001:DB9:0:1::C001:101. Here, C0010101 is the hexadecimal format of 192.1.1.1, and 2001:DB9:0:1::/96 is the pre-defined NAT64 prefix from the "nat64 prefix stateless" command.

Source Translation:

NAT64 also translates the source IPv4 address 192.168.5.2 into the IPv6 address 2001:DB9:0:1::C0A8:502. Again, C0A80502 is the hexadecimal format of 192.168.5.2.

IPv6 to IPv4 Translation:

Upon receiving the return IPv6 traffic, NAT64 translates the source IPv6 address 2001:DB9:0:1::C001:101 back into IPv4 address 192.1.1.1 and the destination IPv6 address 2001:DB9:0:1::C0A8:502 back into IPv4 address 192.168.5.2.

Connectivity Test:

R1#ping 192.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

R2#debug ipv6 icmp

ICMP packet debugging is on

R2#

*Feb 17 22:25:49.842: ICMPv6: Received echo request from 2001:DB9:0:1::C0A8:502

*Feb 17 22:25:49.842: ICMPv6: Sending echo reply to 2001:DB9:0:1::C0A8:502

*Feb 17 22:25:49.842: ICMPv6: Received echo request from 2001:DB9:0:1::C0A8:502

*Feb 17 22:25:49.842: ICMPv6: Sending echo reply to 2001:DB9:0:1::C0A8:502

*Feb 17 22:25:49.842: ICMPv6: Received echo request from 2001:DB9:0:1::C0A8:502

*Feb 17 22:25:49.846: ICMPv6: Sending echo reply to 2001:DB9:0:1::C0A8:502

Other Relevant Output:

ASR1k#sh ipv6 route
IPv6 Routing Table - default - 5 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, I1 - ISIS L1, I2 - ISIS L2
       IA - ISIS interarea, IS - ISIS summary, D - EIGRP, EX - EIGRP external
       ND - Neighbor Discovery
       O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C   2001:FF::/96 [0/0]
     via GigabitEthernet0/0/1, directly connected
L   2001:FF::1/128 [0/0]
     via GigabitEthernet0/0/1, receive
S   2001:DB9:0:1::/96 [1/0]
     via ::42, NVI0
O   2001:DB9:0:1::C001:100/120 [110/2]
     via FE80::20F:35FF:FE2C:9AD9, GigabitEthernet0/0/1
L   FF00::/8 [0/0]
     via Null0, receive

R2#sh ipv6 route
IPv6 Routing Table - 7 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C   2001:FF::/96 [0/0]
     via ::, FastEthernet0/0
L   2001:FF::2/128 [0/0]
     via ::, FastEthernet0/0
C   2001:DB9:0:1::C001:100/120 [0/0]
     via ::, FastEthernet0/1
L   2001:DB9:0:1::C001:101/128 [0/0]
     via ::, FastEthernet0/1
S   2001:DB9:0:1::C0A8:502/128 [1/0]
     via 2001:FF::1
L   FE80::/10 [0/0]
     via ::, Null0
L   FF00::/8 [0/0]
     via ::, Null0
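
The /96 address mapping described in this post, as an added example (not part of the original post and not Cisco code): it embeds an IPv4 address in the low 32 bits of the stateless prefix, reverses the mapping, and annotates an ICMPv6 debug line with the recovered IPv4 address, which is useful when correlating IPv6-side logs with IPv4 hosts. The function names are hypothetical; the prefix, addresses and debug line are taken from the post.

```python
import ipaddress
import re

# Prefix from the post's "nat64 prefix stateless" command (a /96).
NAT64_PREFIX = ipaddress.IPv6Network("2001:DB9:0:1::/96")


def v4_to_v6(v4, prefix=NAT64_PREFIX):
    """IPv4 -> IPv6: place the 32-bit IPv4 address in the low 32 bits."""
    if prefix.prefixlen != 96:
        raise ValueError("this sketch handles /96 prefixes only")
    return ipaddress.IPv6Address(
        int(prefix.network_address) | int(ipaddress.IPv4Address(v4)))


def v6_to_v4(v6, prefix=NAT64_PREFIX):
    """IPv6 -> IPv4: strip the prefix; None if the address is outside it."""
    if prefix.prefixlen != 96:
        raise ValueError("this sketch handles /96 prefixes only")
    addr = ipaddress.IPv6Address(v6)
    if addr not in prefix:
        return None  # not IPv4-translatable: no stateless mapping exists
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def annotate_debug_line(line, prefix=NAT64_PREFIX):
    """Append the embedded IPv4 address to an ICMPv6 debug line, if any."""
    m = re.search(r"(?:from|to) ([0-9A-Fa-f:]+)\s*$", line)
    if not m:
        return line
    try:
        v4 = v6_to_v4(m.group(1), prefix)
    except ValueError:  # trailing token was not a valid IPv6 address
        return line
    return line if v4 is None else f"{line} (IPv4 {v4})"


if __name__ == "__main__":
    # Destination and source translation of R1's ping, then the reverse.
    print(v4_to_v6("192.1.1.1"), v4_to_v6("192.168.5.2"))
    print(v6_to_v4("2001:DB9:0:1::C001:101"), v6_to_v4("2001:DB9:0:1::C0A8:502"))
    # R2's F0/0 address (from its routing table) is outside the prefix.
    print(v6_to_v4("2001:FF::2"))
    # Debug line copied from the post's R2 output.
    print(annotate_debug_line(
        "*Feb 17 22:25:49.842: ICMPv6: Received echo request "
        "from 2001:DB9:0:1::C0A8:502"))
```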

Comments
michelbijnsdorp
Level 1

Still, I wonder how you do a NAT64 overload with stateless NAT64 (by the way, stateful NAT64 is working flawlessly). I configured the following:

NAT64 router: IOS-XR

(Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-IPBASEK9-M), Version 15.2(4)S, RELEASE SOFTWARE (fc4)

ipv6 unicast-routing

interface GigabitEthernet0/0/0
 description IPV6 network side
 no ip address
 negotiation auto
 nat64 enable
 ipv6 address 2001:888:1F31:2271::90/64
 ipv6 enable
 ipv6 ospf 1 area 0
!
interface GigabitEthernet0/0/1
 description IPV4 network side
 ip address 192.168.71.90 255.255.255.0
 negotiation auto
 nat64 enable

router ospf 1
 router-id 192.168.71.255
 redistribute static subnets
 network 192.168.71.0 0.0.0.255 area 0
!
ipv6 router ospf 1
 redistribute static
!
nat64 prefix stateless 2001:888:1F31:FFFF::/96
nat64 route 192.168.72.0/24 GigabitEthernet0/0/0

IPV4-router#sh ip route ospf

O E2 192.168.72.0/24 [110/20] via 192.168.71.90, 01:06:53, Vlan2

IPV6-router#sh ipv6 route ospf

OE2 2001:888:1F31:FFFF::/96 [110/20]

     via FE80::215:62FF:FE7E:E619, Vlan70

NAT64-router# sh ip route

S     192.168.72.0/24 [1/0] via 0.0.0.3, NVI0

NAT64-router# sh ipv6 route

S   2001:888:1F31:FFFF::/96 [1/0] via ::42, NVI0

O   2001:888:1F31:2272::1/128 [110/2]

     via FE80::215:62FF:FE7E:E618, GigabitEthernet0/0/0

NVI0 is up, line protocol is up
  Hardware is NVI
  MTU 9216 bytes, BW 56 Kbit/sec, DLY 5000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation UNKNOWN, loopback not set
  Keepalive not set
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 00:00:10
  Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     8 packets input, 1054 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out


NAT64#sh run int nvi0
Building configuration...

Current configuration : 5 bytes
end

Ping from IPv6 to Internet:

Sending 5, 100-byte ICMP Echos to 2001:888:1F31:FFFF::C0A8:4800, timeout is 2 seconds:

Packet sent with a source address of 2001:888:1F31:2272::1

@@@@@

NAT64#sh nat translations

Proto  Original IPv4         Translated IPv4
       Translated IPv6       Original IPv6
----------------------------------------------------------------------------


Total number of translations: 0

NAT64#sh nat st
NAT64#sh nat statistics
NAT64 Statistics

Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Sessions found: 0
Sessions created: 0
Expired translations: 0
Global Stats:
   Packets translated (IPv4 -> IPv6)
      Stateless: 0
      Stateful: 0
   Packets translated (IPv6 -> IPv4)
      Stateless: 0
      Stateful: 0

Interface Statistics
   GigabitEthernet0/0/0 (IPv4 not configured, IPv6 configured):
      Packets translated (IPv4 -> IPv6)
         Stateless: 0
         Stateful: 0
      Packets translated (IPv6 -> IPv4)
         Stateless: 0
         Stateful: 0
      Packets dropped: 9
   GigabitEthernet0/0/1 (IPv4 configured, IPv6 not configured):
      Packets translated (IPv4 -> IPv6)
         Stateless: 0
         Stateful: 0
      Packets translated (IPv6 -> IPv4)
         Stateless: 0
         Stateful: 0
      Packets dropped: 0
Dynamic Mapping Statistics
   v6v4
Limit Statistics

So I can see the dropped packets from IPv6 towards an Internet-based IP address or local-based IP address?

Thanks in advance,

Michel

williwu
Cisco Employee

You mean to aggregate many IPv6 users into a single IPv4 address? If so, stateful NAT64 is required.

michelbijnsdorp
Level 1

Hi Yi Wu,

"You mean to aggregate many IPv6 users into a single IPv4 address?" That's correct, and it is working with stateful NAT64, but is it also supported with stateless NAT64?

Thank you,

Kind regards,

Michel

williwu
Cisco Employee

Hi Michel,

See this white paper, http://www.cisco.com/en/US/partner/prod/collateral/iosswrel/ps6537/ps6553/white_paper_c11-676277.html

It's not possible to aggregate many IPv6 addresses into a single IPv4 address with stateless NAT64. As stateless NAT64 requires an algorithmic binding between the IPv6 address and the IPv4 address, it's a one-to-one mapping.

Thanks,

William Wu

perkin
Level 1

 Hello from seven years later.....

 

This is the best article, even clearer than the official NAT pages, which were last edited in Oct 2018.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/15-mt/nat-15-mt-book/iadnat64-stateless.html

 

I was totally confused by the link I attached, but your example is good at conveying the important fact:

the nat64 prefix will translate both sides, inside local to inside global (classic Cisco NAT terminology).

 

But I am still not sure of any difference between stateful "NAT64" and "ipv6 nat"...
