{"id":5621,"date":"2021-06-10T15:54:11","date_gmt":"2021-06-10T13:54:11","guid":{"rendered":"https:\/\/nil.uniza.sk\/?p=5621"},"modified":"2021-11-23T12:52:30","modified_gmt":"2021-11-23T11:52:30","slug":"simple-statefull-nat64-configuration-example","status":"publish","type":"post","link":"https:\/\/nil.uniza.sk\/en\/simple-statefull-nat64-configuration-example\/","title":{"rendered":"Statefull NAT64 – simple configuration example on Cisco routers"},"content":{"rendered":"

The example shows a simplified configuration of a Statefull NAT64 demo, without DNS64. I instruct the stateful NAT64 router (CSR-1 – CSR100v) to translate IPv6 packets into IPv4 packets (and vice versa) using algorithmic mapping (defined by RFC 6052<\/a>) of IPv4 addresses of IPv4 routers to and from IPv6 addresses by using manually defined IPv6 prefix 2001:db8::\/96). In a similar manner, the IPv6 addresses of IPv6 routes are translated to and from IPv4 addresses.<\/p>\n\n\n\n

Topology<\/h2>\n\n\n\n
\"\"<\/figure>\n\n\n\n

R1\/R2 run 7200 IOS image., R1 is pure IPv4 router, on the other site, R2 is IPv6 only.<\/p>\n\n\n\n

CSR-1 is CSR1000v router running NAT64 (7200 IOS does not support NAT64).<\/p>\n\n\n\n

Initial configuration<\/h2>\n\n\n\n

Initial configuration includes the setting of basic IP addressing, enabling the IPv6 routing, and specifying static routes.<\/p>\n\n\n\n

R1<\/td>CSR<\/td>R2<\/td><\/tr>
enable
conf t
hostname v4-Only
int fa 0\/0
ip address 192.168.1.1 255.255.255.0
no shut
exit
ip route 0.0.0.0 0.0.0.0 fa0\/0 192.168.1.2
end<\/td>		enable
conf t
hostname NAT64
ipv6 unicast-routing
int g1
ip address 192.168.1.2 255.255.255.0
no shut
int gi 2
ipv6 add 2001:FEFE::2\/64
ipv6 address FE80::2 link-local
no shut
end<\/td>		enable
conf t
hostname v6-Only
ipv6 unicast-routing
int fa0\/0
ipv6 add 2001:FEFE::3\/64
ipv6 address FE80::3 link-local
no shut
exit
ipv6 route ::\/0 fa0\/0 2001:FEFE::2
end<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

<\/p>\n\n\n\n

<\/pre>\n\n\n\n
Configuration of NAT64<\/h2>\n\n\n\n
Case 1) Address NAT64 translation with a pool of IPv4 addresses<\/h3>\n\n\n\n
In this example, we are using manually defined IPv6 prefix 2001:db8::\/96 and pool of IPv4 addresses <158.193.1.1 158.193.1.10><\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
<\/p>\n\n\n\n
!configuration of NAT64\/Port NAT64\n ena\n conf t\n int gi 1\n   ! Enables Stateful NAT64 translation\n   nat64 enable\n   exit\n int gi 2\n   ! Enables Stateful NAT64 translation\n   nat64 enable\n   exit\n !\n ! Defines an IPv6 access list, that controlls the translation\n ipv6 access-list NAT-64-ACL\n     permit ipv6 2001:FEFE::\/64 2001:db8::\/96\n !\n ! define IPv6 prefix used for NAT64 translation purposes\n nat64 prefix stateful 2001:db8::\/96\n!\n! define IPv4 address pool used for NAT64 translation purposes\nnat64 v4 pool NAT64-POOL 158.193.1.1 158.193.1.10\n ! \n ! NAT64 translation\n nat64 v6v4 list NAT-64-ACL pool NAT64-POOL<\/pre>\n\n\n\n
Verification <\/h4>\n\n\n\n
Simple ping from v6-Only router to 192.168.1.1 of v4-Only  router:<\/p>\n\n\n\n
v6-Only#ping 2001:db8::192.168.1.1<\/span><\/strong>\nType escape sequence to abort.\nSending 5, 100-byte ICMP Echos to 2001:DB8::C0A8:101<\/span>, timeout is 2 seconds:\n!!!!!\nSuccess rate is 100 percent (5\/5), round-trip min\/avg\/max = 8\/8\/8 ms<\/pre>\n\n\n\n
and watch NAT64 translation table:<\/p>\n\n\n\n
NAT64(config)# do sh nat64 tranlation\n Proto  Original IPv4         Translated IPv4\n        Translated IPv6       Original IPv6\n illegal ---                   ---\n        158.193.1.1           2001:fefe::3\n icmp   192.168.1.1:609       [2001:db8::c0a8:101]:609\n        158.193.1.1:609       [2001:fefe::3]:609\n Total number of translations: 2<\/pre>\n\n\n\n
Case 2) Port address NAT64 translation with a pool of IPv4 addresses<\/h3>\n\n\n\n
Just replace<\/p>\n\n\n\n
 ! NAT64 translation\n no nat64 v6v4 list NAT-64-ACL pool NAT64-POOL<\/pre>\n\n\n\n
with<\/p>\n\n\n\n
 ! Port NAT64 translation\n nat64 v6v4 list NAT-64-ACL pool NAT64-POOL overload<\/span><\/pre>\n\n\n\n
Case 3) Static address NAT64 translation<\/h3>\n\n\n\n
Configure NAT64 as mentioned previously and add a static NAT mapping. If the IPv4 pool is used, the IPv4 address used for mapping must be out of the pool.<\/p>\n\n\n\n
nat64 v6v4 static 2001:FEFE::3 158.193.1.11<\/pre>\n\n\n\n
Verification<\/h4>\n\n\n\n
v6-Only#ping 2001:db8::192.168.1.2\n Type escape sequence to abort.\n Sending 5, 100-byte ICMP Echos to 2001:DB8::C0A8:102, timeout is 2 seconds:\n !!!!!\n Success rate is 100 percent (5\/5), round-trip min\/avg\/max = 4\/16\/44 ms<\/pre>\n\n\n\n
and <\/p>\n\n\n\n
NAT64(config)#do sh nat64 tra\n Proto  Original IPv4         Translated IPv4\n        Translated IPv6       Original IPv6\n illegal ---                   ---\n\n icmp   192.168.1.2:736       [2001:db8::c0a8:102]:736\n        158.193.1.11:736      [2001:fefe::3]:736<\/pre>\n\n\n\n
Case 4) Using Well Known Prefix<\/h3>\n\n\n\n
Cisco documentation claims that:<\/p>\n\n\n\n
The Well Known Prefix 64:FF9B::\/96 is supported for Stateful NAT64. During a stateful translation, if no stateful prefix is configured (either on the interface or globally), the WKP prefix is used to translate the IPv4 host addresses.<\/p><\/blockquote>\n\n\n\n
But this use case does not work for me.<\/p>\n\n\n\n
Other verification commands<\/h2>\n\n\n\n
show nat64 aliases [lower-address-range upper-address-range]\nshow nat64 logging\nshow nat64 prefix stateful {global | {interfaces | static-routes} [prefix ipv6-address\/prefix-length]}\nshow nat64 timeouts\n<\/pre>","protected":false},"excerpt":{"rendered":"
The example shows a simplified configuration of a Statefull NAT64 demo, without DNS64. I instruct the stateful NAT64 router (CSR-1 – CSR100v) to translate IPv6 packets into IPv4 packets (and vice versa) using algorithmic mapping (defined by RFC 6052) of IPv4 addresses of IPv4 routers to and from IPv6 addresses by using manually defined IPv6…<\/p>","protected":false},"author":9,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"categories":[681,1465],"tags":[],"class_list":["post-5621","post","type-post","status-publish","format-standard","hentry","category-ipv6-en","category-practical_-_cisco-ipv6-ipv4_en"],"taxonomy_info":{"category":[{"value":681,"label":"IPv6"},{"value":1465,"label":"IPv6-IPv4"}]},"featured_image_src_large":false,"author_info":{"display_name":"palo73","author_link":"https:\/\/nil.uniza.sk\/en\/author\/palo73\/"},"comment_info":17,"category_info":[{"term_id":681,"name":"IPv6","slug":"ipv6-en","term_group":0,"term_taxonomy_id":679,"taxonomy":"category","description":"","parent":0,"count":4,"filter":"raw","cat_ID":681,"category_count":4,"category_description":"","cat_name":"IPv6","category_nicename":"ipv6-en","category_parent":0},{"term_id":1465,"name":"IPv6-IPv4","slug":"practical_-_cisco-ipv6-ipv4_en","term_group":0,"term_taxonomy_id":1463,"taxonomy":"category","description":"","parent":747,"count":1,"filter":"raw","cat_ID":1465,"category_count":1,"category_description":"","cat_name":"IPv6-IPv4","category_nicename":"practical_-_cisco-ipv6-ipv4_en","category_parent":747}],"tag_info":false,"_links":{"self":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts\/5621","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/comments?post=5621"}],"version-history":[{"count":0,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts\/5621\/revisions"}],"wp:attachment":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/media?parent=5621"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/categories?post=5621"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/tags?post=5621"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}