Guys,

Due to the recent discussion on NAT-PT as shown in the latest VoD, I decided to lab this up and share with you guys. We have the following topology:

R1---3000:B00:FFFF:1::/64---R2---192.168.199.0/24---R4---172.18.30.1/32

R1: IPv6 ONLY with an address of 3000:B00:FFFF:1::1/64
R2: IPv6 address of 3000:B00:FFFF:1::2/64
R2: IPv4 address of 192.168.199.1/24
R4: IPv6 ONLY address of 192.168.199.4/24
R4: Lo0 address of 172.18.30.1/32

R1
----
R1#sh run int fa0/0
Building configuration...

Current configuration : 142 bytes
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 ipv6 address FE80::1 link-local
 ipv6 address 3000:B00:FFFF:1::1/64
end

R1#sh run | i ipv6 route
ipv6 route ::/0 3000:B00:FFFF:1::2

R2
----
R2#sh run int gi0/0
Building configuration...

Current configuration : 189 bytes
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 media-type sfp
 negotiation auto
 ipv6 address FE80::2 link-local
 ipv6 address 3000:B00:FFFF:1::2/64
 ipv6 nat
end

R2#sh run int gi0/1
Building configuration...

Current configuration : 159 bytes
!
interface GigabitEthernet0/1
 ip address 192.168.199.1 255.255.255.0
 ip ospf 1 area 0
 duplex auto
 speed auto
 media-type rj45
 ipv6 enable
 ipv6 nat
end

R2#sh run | i ipv6 nat
 ipv6 nat
 ipv6 nat
ipv6 nat v4v6 source 172.18.30.1 3FFE:B00:FFFF:FFFF::A
ipv6 nat v6v4 source 3000:B00:FFFF:1::1 192.168.199.2
ipv6 nat prefix 3FFE:B00:FFFF:FFFF::/96

R4
----
R4#sh run int fa0/0
Building configuration...

Current configuration : 116 bytes
!
interface FastEthernet0/0
 ip address 192.168.199.4 255.255.255.0
 ip ospf 1 area 0
 duplex auto
 speed auto
end

R4#sh run int lo0
Building configuration...

Current configuration : 85 bytes
!
interface Loopback0
 ip address 172.18.30.1 255.255.255.255
 ip ospf 1 area 0
end

Now, let's look at what REALLY happens here.

Step 1: R1 will ping 3ffe:b00:ffff:ffff::a. This will be sourced from 3000:B00:FFFF:1::1. R1 will send this packet to R2 as that is its default route.

Step 2: R2 receives the packet and sees the source address is 3000:B00:FFFF:1::1 and that the destination is in the range for NAT-PT translation.

Step 3: R2 creates an IPv4 packet sourced from 192.168.199.2 and destined to 172.18.30.1. The router knows what source to use from the static NAT rule "ipv6 nat v6v4 source 3000:B00:FFFF:1::1 192.168.199.2". It knows what destination to use from the other rule "ipv6 nat v4v6 source 172.18.30.1 3FFE:B00:FFFF:FFFF::A". Just like regular NAT, things here are bi-directional.

Step 4: R4 receives the packet sourced from 192.168.199.2 and destined to 172.18.30.1. R4 routes the packet to its loopback address and replies with an ICMP echo-reply. The packet is sourced from 172.18.30.1 and destined to 192.168.199.2.

Step 5: R2 receives the packet sourced from 172.18.30.1 and destined to 192.168.199.2 and realizes it must do a NAT-PT translation.

Step 6: R2 creates an IPv6 packet sourced from 3FFE:B00:FFFF:FFFF::A and destined to 3000:B00:FFFF:1::1.

Step 7: R1 receives the packet sourced from 3FFE:B00:FFFF:FFFF::A and destined to 3000:B00:FFFF:1::1.

We can see this in the following logs:

R1: debug ipv6 icmp
R2: debug ipv6 nat
R4: debug ip icmp

R1
----
/* Here we ping 3ffe:b00:ffff:ffff::a which we have a static NAT-PT entry for in the NAT-PT Prefix range */
R1#ping 3ffe:b00:ffff:ffff::a re 1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 3FFE:B00:FFFF:FFFF::A, timeout is 2 seconds:
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 4/4/4 ms
R1#
*Jan 9 23:07:14.169: ICMPv6: Sent echo request, Src=3000:B00:FFFF:1::1, Dst=3FFE:B00:FFFF:FFFF::A
*Jan 9 23:07:14.173: ICMPv6: Received echo reply, Src=3FFE:B00:FFFF:FFFF::A, Dst=3000:B00:FFFF:1::1

R2
----
/* Here we see the ICMP packet being NAT'd both ways. Notice the source AND destination addresses are re-written here */
*Jan 9 23:15:20.501: IPv6 NAT: IPv6->IPv4: icmp src (3000:B00:FFFF:1::1) -> (192.168.199.2), dst (3FFE:B00:FFFF:FFFF::A) -> (172.18.30.1)
*Jan 9 23:15:20.505: IPv6 NAT: IPv4->IPv6: src (172.18.30.1) -> (3FFE:B00:FFFF:FFFF::A), dst (192.168.199.2) -> (3000:B00:FFFF:1::1)

R4
----
/* Here we see R4 replying to the ping */
*Feb 9 08:28:24.769: ICMP: echo reply sent, src 172.18.30.1, dst 192.168.199.2

I sincerely hope this helps you guys out. Again, I apologize for the error in the VoD.

--
Regards,

Joe Astorino CCIE #24347 (R&S)
Sr. Technical Instructor - IPexpert
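
The seven steps in the post above, written as a small Python model of R2's static NAT-PT lookup. This is an added example, not part of the original post and not IOS code. The function names are hypothetical, only the two static entries and the /96 prefix from R2's configuration are modelled, and returning None when no static entry matches is a modelling assumption (dynamic pools and other NAT-PT options are left out).

```python
import ipaddress

# Static NAT-PT state copied from R2's configuration in the post.
NAT_PREFIX = ipaddress.ip_network("3FFE:B00:FFFF:FFFF::/96")
V6V4 = {ipaddress.ip_address("3000:B00:FFFF:1::1"): ipaddress.ip_address("192.168.199.2")}
V4V6 = {ipaddress.ip_address("172.18.30.1"): ipaddress.ip_address("3FFE:B00:FFFF:FFFF::A")}


def _invert(table):
    # Static entries are one-to-one, so each can be read in either direction.
    return {v: k for k, v in table.items()}


def _fmt(addr):
    # Upper-case to match how the IOS debug output prints IPv6 addresses.
    return str(addr).upper()


def v6_to_v4(src6, dst6):
    """Steps 2-3: return (src4, dst4), or None if this model does not translate."""
    src6, dst6 = ipaddress.ip_address(src6), ipaddress.ip_address(dst6)
    if dst6 not in NAT_PREFIX:
        return None  # destination outside "ipv6 nat prefix": not a NAT-PT packet
    src4 = V6V4.get(src6)           # "ipv6 nat v6v4 source" entry, read forwards
    dst4 = _invert(V4V6).get(dst6)  # "ipv6 nat v4v6 source" entry, read backwards
    if src4 is None or dst4 is None:
        return None  # assumption: no static entry means no translation here
    return _fmt(src4), _fmt(dst4)


def v4_to_v6(src4, dst4):
    """Steps 5-6: the same two entries, each read in the opposite direction."""
    src4, dst4 = ipaddress.ip_address(src4), ipaddress.ip_address(dst4)
    src6 = V4V6.get(src4)
    dst6 = _invert(V6V4).get(dst4)
    if src6 is None or dst6 is None:
        return None
    return _fmt(src6), _fmt(dst6)


def echo_round_trip(src6, dst6):
    """Steps 1-7: translate the request, let R4 swap src/dst, translate the reply."""
    request4 = v6_to_v4(src6, dst6)
    if request4 is None:
        return None
    return v4_to_v6(request4[1], request4[0])
```

The addresses returned for R1's ping match the two `IPv6 NAT:` debug lines from R2, and the reply R1 sees is sourced from the NAT-PT address it pinged.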
