- Introduction
- Requirements
- Background
- Topology Diagram
- Summary Steps
- Configuration
- Verify Commands
- References
Introduction
Stateful NAT64 is a Network Address Translation mechanism for translating IPv6 addresses to IPv4 addresses, and IPv4 addresses to IPv6 addresses. Like NAT44, it is called stateful because it creates or modifies bindings or session state while performing translation. It supports both IPv6-initiated and IPv4-initiated communications using static or manual mappings. In this document, stateful NAT64 uses static IPv6 to IPv4 mapping for address translations.
Requirements
- Understanding of IPv6 Addressing Scheme
Understanding NAT64
Background
In this configuration example, routers R1,R2 and R3 are connected via fast Ethernet interface.Loopback addresses are configured to generate networks.
The router R1 is IPv6only router which runs RIPv6 with the ASR (Router R2).Similarly the router R3 is IPv4 only router that uses OSPF to communicate with the ASR. The network address translations happen in ASR router using static IPv6 to IPv6 mappings.
Note: All configurations are tested in a lab environment on Cisco 2800 Routers operating on Cisco IOS 15.2 and ASR operating on Cisco IOS-XE 15.1(3)S4version.
Topology Diagram
Summary Steps
NAT64 Interface Configuration
- ipv6 address <Specify an IPv6 address>
- nat64 enable
- exit
NAT64 Mapping Configuration
- enable
- configure terminal
- nat64 prefix stateful <prefix>
Note: The above command enables the router to translate the source IP address to IPv6 by using the Stateful NAT64 prefix
4. nat64 v6v4 <static> <ipv6-address ipv4-address>
5. exit
Configuration
Router R1
IPv6 Only Router
Router R2
ASR Router
Router R3
IPv4 Only Router
IPv6 Only_Router R1#show run ! version 15.2 ! hostname IPv6 Only_Router R1 ! ! ip cef ipv6 unicast-routing ipv6 cef ! ! interface Loopback0 no ip address ipv6 address AB00::1/128 ipv6 rip RIP enable ! interface Loopback1 no ip address ipv6 address AB01::1/128 ipv6 rip RIP enable ! interface FastEthernet0/0 duplex auto speed auto ipv6 address 2001::A00:A/128 ipv6 rip RIP enable ! ! ipv6 router rip RIP ! ! end
|
ASR Router R2#show run
! | IPv4 Only_router R3#show run
|
Verify Commands
Verifying Connectivity Using Ping Command
To verify whether the router R3 (IPv4 only network) is able to reach the router R1(IPv6 only network), use the ping command and verify the translations that happen by debug ipv6 icmp.
In router R3
Try ping router R1(IPv6 only network)which is represented by the IPv4 address 10.0.0.10. Enable debug ip icmp on router R3 and in router R1(IPv6 only network) enable debug ipv6 icmp
R3#debug ip icmp
ICMP packet debugging is on
R1#debug ipv6 icmp
ICMP Packet debugging is on
R3#ping 10.0.0.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R3#
*Sep 8 09:56:22.451: ICMP: echo reply rcvd, src 10.0.0.10, dst 10.0.0.1, topology BASE, dscp 0 topoid 0
*Sep 8 09:56:22.451: ICMP: echo reply rcvd, src 10.0.0.10, dst 10.0.0.1, topology BASE, dscp 0 topoid 0
*Sep 8 09:56:22.455: ICMP: echo reply rcvd, src 10.0.0.10, dst 10.0.0.1, topology BASE, dscp 0 topoid 0
*Sep 8 09:56:22.459: ICMP: echo reply rcvd, src 10.0.0.10, dst 10.0.0.1, topology BASE, dscp 0 topoid 0
*Sep 8 09:56:22.459: ICMP: echo reply rcvd, src 10.0.0.10, dst 10.0.0.1, topology BASE, dscp 0 topoid 0
R1#
*Sep 8 10:48:51.499: ICMPv6: Received echo request, src=3001::A00:1, Dst=2001::A00:A
*Sep 8 10:48:51.499: ICMPv6: Sent echo reply, src=2001::A00:A, Dst=3001::A00:1
*Sep 8 10:48:51.503: ICMPv6: Received echo request, src=3001::A00:1, Dst=2001::A00:A
*Sep 8 10:48:51.503: ICMPv6: Sent echo reply, src=2001::A00:A, Dst=3001::A00:1
*Sep 8 10:48:51.507: ICMPv6: Received echo request, src=3001::A00:1, Dst=2001::A00:A
*Sep 8 10:48:51.507: ICMPv6: Sent echo reply, src=2001::A00:A, Dst=3001::A00:1
*Sep 8 10:48:51.511: ICMPv6: Received echo request, src=3001::A00:1, Dst=2001::A00:A
*Sep 8 10:48:51.511: ICMPv6: Sent echo reply, src=2001::A00:A, Dst=3001::A00:1
*Sep 8 10:48:51.511: ICMPv6: Received echo request, src=3001::A00:1, Dst=2001::A00:A
*Sep 8 10:48:51.515: ICMPv6: Sent echo reply, src=2001::A00:A, Dst=3001::A00:1
From the above debug output, you can see that the router R3(IPv4 only Router) is able to reach the router R1(IPv6 only router) using the static IPv4 address that we have assigned i.e.using 10.0.0.10
Similarly the router R1(IPv6 only router) debug output shows that the ICMP request is received from 3001::A00:1 which is nothing but the IPv4 address 10.0.0.1 when converted to hexadecimal becomes A00:1 and is added to the prefix 3001::/.In other words the IPv4 address 10.0.0.1 is translated to 3001::A00:1 when reaching the IPv6 enabled network.
The following show commands can be used to see NAT64 translations that happen in ASR router
Show nat64 mappings static
To display the information about the Network Address Translation 64 (NAT64) static mappings, use this command.
ASR Router R2#show nat64 mappings static
Static mappings configured: 1
Direction Protocol Address (Port, if any)
Non-key Address (Port, if any)
v6v4 --- 2001::A00:A
10.0.0.10
Show nat64 adjacency ipv6
This command displays the information about the Network Address Translation 64 (NAT64) managed adjacencies.
ASR Router R2#show nat64 adjacency ipv6
Adjacency Counts
Stateless Prefix Adjacencies: 0
Stateless Prefix Adjacency Ref Count: 0
v4v6 Stateless Prefix Adjacencies: 0
v4v6 Stateless Prefix Adjacency Ref Count: 0
v6v4 Stateless Prefix Adjacencies: 0
v6v4 Stateless Prefix Adjacency Ref Count: 0
Stateful Prefix Adjacencies: 1
Stateful Prefix Adjacency Ref Count: 1
IPv6 Well-Known Prefix Adjacencies: 1
IPv6 Well-Known Prefix Adjacency Ref Count: 1
IPv6 Static Mapping Adjacencies: 0
IPv6 Static Mapping Adjacency Ref Count: 0
IPv4 Route Adjacencies: 0
Adjacencies
Stateful Prefix: ::100.0.0.1
IPv6 Well-Known Prefix: ::100.0.0.2
IPv6 Stateful Mask: ::100.0.0.0
Show nat64 prefix stateful
Using this command, you can check the information about Network Address Translation 64 (NAT64) stateful prefixes. Global prefixes, nat64 configured intrerfaces and prefix static-routes will be displayed.
ASR Router R2#show nat64 prefix stateful global (Displays the global prefixes)
Global Stateful Prefix: is valid, 3001::/96
IFs Using Global Prefix
Fa0/2/6
Fa0/2/7
ASR Router R2#show nat64 prefix stateful static-routes (Displays the static-routes)
Stateful Prefixes
NAT64 Prefix
Static Route Ref-Count
3001::/96
1
ASR Router R2#show nat64 prefix stateful interfaces (Displays the nat64 enabled interfaces)
Stateful Prefixes
Interface
NAT64 Enabled Global Prefix
FastEthernet0/2/6
TRUE TRUE 3001::/96
FastEthernet0/2/7
TRUE TRUE 3001::/96
Show nat64 statistics
To display Network Address Translation 64 (NAT64) packet count statistics use this command
ASR Router R2#show nat64 statistics
NAT64 Statistics
Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Sessions found: 142
Sessions created: 16
Expired translations: 16
Global Stats:
Packets translated (IPv4 -> IPv6)
Stateless: 0
Stateful: 79
Packets translated (IPv6 -> IPv4)
Stateless: 0
Stateful: 79
Interface Statistics
FastEthernet0/2/6 (IPv4 configured, IPv6 not configured):
Packets translated (IPv4 -> IPv6)
Stateless: 0
Stateful: 79
Packets translated (IPv6 -> IPv4)
Stateless: 0
Stateful: 0
Packets dropped: 0
FastEthernet0/2/7 (IPv4 not configured, IPv6 configured):
Packets translated (IPv4 -> IPv6)
Stateless: 0
Stateful: 0
Packets translated (IPv6 -> IPv4)
Stateless: 0
Stateful: 79
Packets dropped: 0
Dynamic Mapping Statistics
v6v4
References
- NAT64 Technology: Connecting IPv6 and IPv4 Networks
- NAT64—Stateless versus Stateful
- Stateful Network Address Translation 64
- Stateless IPv6 NAT64 Configuration
- IP Version 6 (IPv6) - Cisco Systems
- Cisco IOS IPv6 Command Reference
- IPv6 - Frequently Asked Questions
Routing Information Protocol
