Login
- Table of Contents
-
- 07-Layer 3—IP Services Configuration Guide
- 00-Preface
- 01-ARP configuration
- 02-IP addressing configuration
- 03-DHCP configuration
- 04-DNS configuration
- 05-NAT configuration
- 06-NAT66 configuration
- 07-IP forwarding basics configuration
- 08-Fast forwarding configuration
- 09-Multi-CPU packet distribution configuration
- 10-Adjacency table configuration
- 11-IRDP configuration
- 12-IP performance optimization configuration
- 13-UDP helper configuration
- 14-IPv6 basics configuration
- 15-DHCPv6 configuration
- 16-IPv6 fast forwarding configuration
- 17-AFT configuration
- 18-Tunneling configuration
- 19-GRE configuration
- 20-ADVPN configuration
- 21-WAAS configuration
- 22-Lighttpd service configuration
- 23-Web caching configuration
- 24-STUN configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 06-NAT66 configuration | 81.65 KB |
Contents
IPv6 source prefix translation
IPv6 destination prefix translation
Configuring IPv6 source prefix translation
Configuring IPv6 destination prefix translation
Display and maintenance commands for NAT66
Example: Configuring IPv6 source prefix translation
Example: Configuring IPv6 destination prefix translation
Configuring NAT66
Overview
IPv6-to-IPv6 Network Prefix Translation (NPTv6), also known as NAT66, translates the internal IPv6 prefix in the IPv6 packet header to an external IPv6 prefix and vice versa. A device that implements NAT66 translation is called a NAT66 device.
IPv6 source prefix translation
NAT66 source address translation is applicable to the following scenarios:
· Single internal and external network—The NAT66 device is connected to an internal network and an external network. Hosts in the internal network uses locally routed IPv6 prefixes. When an internal host sends packets to access the external network, the NAT66 device translates the source IPv6 address prefix in the packets to a global unicast address prefix.
· Redundancy and load sharing—Multiple NAT66 devices are deployed between two IPv6 networks and they use ECMPs for load sharing. To allow any NAT66 device to process IPv6 traffic among different sites, configure the same source prefix mappings on these NAT66 devices.
· Multihoming—In a multihomed network, NAT66 devices are connected to an internal network and multiple external networks. One internal prefix is mapped to different external prefixes on the NAT66 devices, so that one internal address can be translated to multiple external addresses.
IPv6 destination prefix translation
To allow external users to access internal servers, such as Wed server or FTP server, configure IPv6 destination prefix mappings on the interface connected to the external network.
NAT66 ALG
NAT66 ALG (Application Level Gateway) translates address or port information in the application layer payloads to ensure connection establishment.
For example, an FTP application includes a data connection and a control connection. The IP address and port number for the data connection depend on the payload information of the control connection. This requires NAT66 ALG to translate the address and port information for data connection establishment.
NAT66 ALG supports the following protocol packets: FTP packets and ICMP error messages.
Configuring IPv6 source prefix translation
Restrictions and guidelines
On one interface, the mapping between an internal prefix and an external prefix must be unique.
On different interfaces, different internal prefixes cannot be mapped to the same external prefix.
When you configure source address translation in NO-PAT mode, specify the same IPv6 prefix length before and after NAT66 in a mapping.
The source IPv6 prefix after translation cannot be the same as the external prefix of the NAT66 device or the prefix of the external destination address.
You can configure the global NAT policy to achieve IPv6 source prefix translation. For more information about global NAT policy, see "Configuring NAT."
This feature cannot perform translation on AH or ESP packets.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Configure an IPv6 prefix mapping for IPv6 source address translation.
nat66 prefix source original-ipv6-prefix prefix-length [ vpn-instance original-vpn-instance-name ] translated-ipv6-prefix prefix-length [ vpn-instance translated-vpn-instance-name ] [ pat ]
By default, no IPv6 prefix mappings are configured for IPv6 source address translation.
Configuring IPv6 destination prefix translation
Restrictions and guidelines
On one interface, the mapping between an external prefix and an internal prefix must be unique.
On different interfaces, one external prefix cannot be mapped to different internal prefixes.
The external IPv6 prefix of the internal server cannot be the same as the external prefix of the NAT66 device or the prefix of external hosts that access the internal server.
You can configure the global NAT policy to achieve IPv6 destination prefix translation. For more information about global NAT policy, see "Configuring NAT."
This feature cannot perform translation on AH or ESP packets.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Configure an IPv6 prefix mapping for IPv6 destination address translation.
nat66 prefix destination [ protocol pro-type ] original-ipv6-prefix prefix-length [ global-port ] [ vpn-instance original-vpn-instance-name ] translated-ipv6-prefix prefix-length [ local-port ] [ vpn-instance translated-vpn-instance-name ]
By default, no IPv6 prefix mappings are configured for IPv6 destination address translation.
Display and maintenance commands for NAT66
Execute display commands in any view and reset commands in user view.
|
Task |
Command |
|
Display all NAT66 configurations. |
display nat66 all |
|
Display NAT66 sessions. |
In standalone mode: display nat66 session [ verbose ] In IRF mode: display nat66 session [ slot slot-number ] [ verbose ] |
|
Display NAT66 statistics. |
In standalone mode: display nat66 statistics [ summary ] In IRF mode: display nat66 statistics [ summary ] [ slot slot-number ] |
|
Delete NAT66 sessions. |
In standalone mode: In IRF mode: reset nat66 session [ slot slot-number ] |
NAT configuration examples
Example: Configuring IPv6 source prefix translation
Network configuration
As shown in Figure 1, internal users use IPv6 prefix FD01:0203:0405::/48 and the internal IPv6 addresses are not routable on the Internet. For internal users to access the FTP server on the Internet, configure IPv6 source prefix translation to translate the internal IPv6 prefix FD01:0203:0405::/48 to external prefix 2001:0DF8:0001::/48.
Procedure
# Assign IPv6 addresses to interfaces and configure routes. Make sure the network connections are available. (Details not shown.)
# Configure an IPv6 source prefix mapping from FD01:0203:0405::/48 to FD01:0203:0405::/48.
<Device> system-view
[Device] interface gigabitethernet 1/0/2
[Device-GigabitEthernet1/0/2] nat66 prefix source fd01:0203:0405:: 48 2001:0df8:0001:: 48
[Device-GigabitEthernet1/0/2] quit
Verifying the configuration
# Verify that internal hosts can access the FTP server. (Details not shown.)
# Verify NAT66 configurations.
[Device] display nat66 all
NAT66 source information:
Totally 1 source rules.
Interface(outbound): GigabitEthernet1/0/2
Original prefix/prefix-length: FD01:203:405::/48
Translated prefix/prefix-length: 2001:DF8:1::/48
# Verify that NAT66 sessions are established.
<Device> display nat66 session verbose
Slot 1:
Initiator:
Source IP/port: FD01:203:405::1/56002
Destination IP/port: 2001:DC8:1::100/21
VPN instance/VLAN ID/Inline ID: -/-/-
Protocol: TCP(6)
Inbound interface: GigabitEthernet1/0/1
Responder:
Source IP/port: 2001:DC8:1::100/21
Destination IP/port: 2001:DF8:1:D50F::1/56002
VPN instance/VLAN ID/Inline ID: -/-/-
Protocol: TCP(6)
Inbound interface: GigabitEthernet1/0/2
State: TCP_ESTABLISHED
Application: FTP
Rule ID: 1
Rule name: 1
Start time: 2018-12-06 14:48:31 TTL: 3597s
Initiator->Responder: 0 packets 0 bytes
Responder->Initiator: 0 packets 0 bytes
Total sessions found: 1
Example: Configuring IPv6 destination prefix translation
Network configuration
As shown in Figure 2, the internal IPv6 address of FTP server is FD01:0203:0405::100/48. The internal prefix is FD01:0203:0405::/48. Configure destination IPv6 prefix translation to allow the FTP server to use IPv6 address 2001:AB01:0001::1 to provide services for external users.
Procedure
# Assign IPv6 addresses to interfaces and configure routes. Make sure the network connections are available. (Details not shown.)
# Configure an IPv6 destination prefix mapping from 2001:AB01:0001::1/128 to FD01:0203:0405::100/128.
<Device> system-view
[Device] interface gigabitethernet 1/0/2
[Device-GigabitEthernet1/0/2] nat66 prefix destination 2001:ab01:1::1 128 fd01:203:405::100 128
[Device-GigabitEthernet1/0/2] quit
Verifying the configuration
# Verify that external hosts can access the FTP server. (Details not shown.)
# Verify NAT66 configurations.
[Device] display nat66 all
NAT66 destination information:
Totally 1 destination rules.
Interface(inbound): GigabitEthernet1/0/2
Original prefix/prefix-length: 2001:AB01:1::1/128
Translated prefix/prefix-length: FD01:203:405::100/128
# Verify that NAT66 sessions are established.
[Device] display nat66 session verbose
Slot 1:
Initiator:
Source IP/port: 2001:DC8:1::100/9025
Destination IP/port: 2001:AB01:1::1/21
VPN instance/VLAN ID/Inline ID: -/-/-
Protocol: TCP(6)
Inbound interface: GigabitEthernet1/0/2
Responder:
Source IP/port: FD01:203:405::100/21
Destination IP/port: 2001:DC8:1::100/9025
VPN instance/VLAN ID/Inline ID: -/-/-
Protocol: TCP(6)
Inbound interface: GigabitEthernet1/0/1
State: TCP_ESTABLISHED
Application: FTP
Rule ID: 1
Rule name: 1
Start time: 2018-12-06 14:56:03 TTL: 3579s
Initiator->Responder: 0 packets 0 bytes
Responder->Initiator: 0 packets 0 bytes
Total sessions found: 1
