Pages

2017 CCNP RS, NAT64 lab



Source:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/nat-xe-3s-book/iadnat-stateful-nat64.pdf

NAT64 topology


HOSTS
VPCS> set pcname ipv4
ipv4> ip 10.0.0.2/24 10.0.0.1
ipv4> show ip
NAME : ipv4[1]
IP/MASK : 10.0.0.2/24
GATEWAY : 10.0.0.1
!
ipv4> ping 10.0.0.1
10.0.0.1 icmp_seq=1 timeout
84 bytes from 10.0.0.1 icmp_seq=2 ttl=255 time=3.623 ms
84 bytes from 10.0.0.1 icmp_seq=3 ttl=255 time=1.647 ms
VPCS> set pcname ipv6
ipv6> ip 2001:DB8:1::2/96 2001:DB8:1::1
ipv6> show ipv6
ipv6> show ipv6
NAME : ipv6[1]
LINK-LOCAL SCOPE : fe80::250:79ff:fe66:680b/64
GLOBAL SCOPE : 2001:db8:1::2/96
!
ipv6> ping 2001:db8:1::1
2001:db8:1::1 icmp6_seq=1 ttl=64 time=2.936 ms
2001:db8:1::1 icmp6_seq=2 ttl=64 time=1.619 ms

ROUTER NAT64
2001:DB8:1::1/96 network range
2001:0db8:0001:0000:0000:0000:0000:0000-
2001:0db8:0001:0000:0000:0000:ffff:ffff

hostname NAT64
ipv6 unicast-routing
!
interface Gi0/1
 description -=interface facing ipv6
 no sh
 no ip address
 ipv6 address  2001:DB8:1::1/96
 ipv6 enable
 nat64 enable
!
interface Gi0/0
 description -=interface facing ipv4
 no sh
 ip address 10.0.0.1 255.255.255.0
 nat64 enable
!


NAT64 static:
!
! The Stateful NAT64 translator translates the source IP address to IPv6 by using the Stateful NAT64 prefix (if a stateful prefix is configured)
! or the Well Known Prefix (WKP) (if a stateful prefix is not configured).

! nat64 prefix stateful 3001::/96
! nat64 prefix stateful 2001:DB8:1::1/96

! if not configured:
Router#show nat64 prefix  stateful global
Global Stateful Prefix: 64:FF9B::/96


! if it is received an IPv4 packet with destination 10.0.0.3 will translated to 2001:DB8:1::2
nat64 v6v4 static 2001:DB8:1::2 10.0.0.3


NAT64 dynamic example:
!
! Dynamically translates an IPv6 source address to an IPv6 source address
! and an IPv6 destination address to an IPv4 destination address for NAT64.
Device(config)# nat64 prefix stateful 2001:DB8:1::1/96

Device(config)# ipv6 access-list nat64-acl
Device(config-ipv6-acl)# permit ipv6 2001:DB8:2::/96 any
              ! nat64 v4 pool <pool-name> <start-ip-address> <end-ip-address>
Device(config)# nat64 v4 pool pool1 209.165.201.1 209.165.201.254

           
Device(config)# nat64 v6v4 list nat64-acl pool pool1


NAT64 check:

NAT64# debug ip icmp
NAT64# debug ipv6 icmp

ipv4>  ping 10.0.0.3
84 bytes from 10.0.0.3 icmp_seq=1 ttl=62 time=2.954 ms

19:52:31.123645 10.0.0.2 ICMP 10.0.0.3 Echo (ping) request  id=0x5f2e, seq=1/256, ttl=64 (reply in 4) ICMP
19:52:31.133602 10.0.0.3 ICMP 10.0.0.2 Echo (ping) reply    id=0x5f2e, seq=1/256, ttl=62 (request in 3) ICMP

ipv6>
19:50:06.834964 64:ff9b::a00:2 ICMPv6 2001:db8:1::2 Echo (ping) request id=0xce2d, seq=1, hop limit=63 (reply in 4)
19:50:06.835044 2001:db8:1::2 ICMPv6 64:ff9b::a00:2 Echo (ping) reply id=0xce2d, seq=1, hop limit=63 (request in 3)

Global Stateful Prefix: 64:FF9B::/96
nat64 v6v4 static 2001:DB8:1::2 10.0.0.3


host 'ipv4' can reach host 'ipv6' by IP=10.0.0.3

Steps host 'ipv4' pings host 'ipv6':
1) host 'ipv4' send: s:10.0.0.2  d:10.0.0.3
2) ROUTER NAT64 translate:     s:10.0.0.2  d:10.0.0.3  => s:64:ff9b::a00:2 d:2001:DB8:1::2
3) host ipv6 receive: s:64:ff9b::a00:2 d:2001:DB8:1::2

show nat64 translations
show nat64 statistics



NAT64#show nat64 translationsProto   Original IPv4           Translated IPv4
        Translated IPv6         Original IPv6
--------------------------------------------------------
icmp    10.0.0.2:40753          [64:FF9B::A00:2]:40753
        10.0.0.3:40753          [2001:DB8:1::2]:40753
icmp    10.0.0.2:41009          [64:FF9B::A00:2]:41009
        10.0.0.3:41009          [2001:DB8:1::2]:41009
---     ---                     ---
        10.0.0.3                2001:DB8:1::2
Total number of translations: 3
NAT64#


NAT64#show nat64 statisticsNAT64 Statistics
Number of NAT64 enabled interfaces: 2
Number of packets translated by stateless NAT64:
        Packets translated (IPv4 -> IPv6): 0
        Packets translated (IPv6 -> IPv4): 0
Number of packets translated by stateful NAT64:
        Packets translated (IPv4 -> IPv6): 13
        Packets translated (IPv6 -> IPv4): 17
Number of packets translated by MAP-T:
        Packets translated (IPv4 -> IPv6): 0
        Packets translated (IPv6 -> IPv4): 0
Number of packets processed by MAP-E:
        Packets processed (IPv4 -> IPv6): 0
        Packets processed (IPv6 -> IPv4): 0
Global Statistics
Prefix: 64:FF9B::/96
        Packets translated (IPv4 -> IPv6): 12
        Packets translated (IPv6 -> IPv4): 1
        Packets dropped: 0
Interface Statistics
Total active translations: 1(1 static, 0 dynamic,0 extended)
Active sessions: 2
Number of expired entries: 29
Number of packets:
CEF Translated: 15       CEF Punted packets: 10
Dropped: 29
Hits: 18        Misses: 41
Dynamic Mapping Statistics
Limit Statistics
        Maximum entries limit not configured
NAT64#