满天星 发表于 2011-5-15 17:54:38

在Cisco路由器上配置Stateless NAT64

注意:本文中列举的Cisco NAT64属于Stateless NAT64,与Stateful NAT64有较大的区别,请务必明确!
支持Stateless NAT64的版本为:Cisco IOS XE Release 3.2S(Cisco ASR 1000Series)

Stateless NAT64是根据IP/ICMP Translation Algorithm:RFC 6145而来
(Cisco 2010年11月发布时还处于Draft阶段),不文就不讨论具体的协议原理和区别,仅关注Cisco设备上的配置思路和步骤等。

与此相关的RFC文档主要有:
Framework for IPv4/IPv6 Translation:RFC 6144
IP/ICMP Translation Algorithm:RFC 6145
DNS64: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers:RFC 6147
IPv6 Addressing of IPv4/IPv6 Translators:RFC 6052

基本组网图:

各接口的IP地址、前缀长度及NAT64 Prefix等如上图所示
DNS64服务器及其相关的配置不在本文中讨论,本文仅涉及Cisco设备中Stateless NAT64的部署与配置

基本配置步骤
1. enable
2. configure terminal
3. ipv6 unicast-routing
4. interface type number
5. description string
6. ipv6 enable
7. ipv6 address {ipv6-address/prefix-length | prefix-name sub-bits/prefix-length}
8. nat64 enable//说明:在接口上使能Stateless NAT64转换
9. exit
10. interface type number
11. description string
12. ip address ip-address mask
13. nat64 enable//说明:在接口上使能Stateless NAT64转换
14. exit
15. nat64 prefix stateless ipv6-prefix/length//说明:配置Stateless NAT64转换中使用的Prefix及prefix length
16. nat64 route ipv4-prefix/mask interface-name number    //说明:将该IPv4网段的路由转发至IPv6接口做Stateless NAT64转换
17. end配置过程Example:Router> enable
Router# configure terminal
Router(config)# ipv6 unicast-routing
Router(config)# interface giabitethernet0/0/0
Router(config-if)# description interfacetowards ipv4 side
Router(config-if)# ipv6 enable
Router(config-if)# ipv6 address 2001:db8::1/64
Router(config-if)# nat64 enable
Router(config-if)# exit
Router(config)# interface giabitethernet0/0/1
Router(config-if)# description interface towards ipv6 side
Router(config-if)# ip address 192.0.2.1255.255.255.0
Router(config-if)# nat64 enable
Router(config-if)# exit
Router(config)# nat64 prefix stateless2001:db8:1:1::/96
Router(config)# nat64 route 192.0.2.0/24gigabitethernet0/0/0
Router(config)# endStateless NAT64相关的完整配置如下:ipv6 unicast-routing
!
interface GigabitEthernet0/0/0
description interface towards ipv6 side
ipv6 address 2001:db8::1/64
ipv6 enable
nat64 enable
!
interface GigabitEthernet0/0/1
description interface towards ipv4 side
ip address 192.0.2.1255.255.255.0
nat64 enable
!
nat64 prefix stateless 2001:db8:1:1:/96
nat64 route 192.0.2.0/24 GigabitEthernet0/0/0StatelessNAT64相关的其它命令:Step 1 show nat64 statistics
Step 2 show ipv6 route
Step 3 show ip route
Step 4 debug nat64 {all | ha {all | info | trace | warn} | id-manager | info | issu {all | message | trace} |
memory | statistics | trace | warn}
Step 5 ping ] {host-name | system-address}Router# show nat64 statistics
NAT64 Statistics
Global Stats:
Packets translated (IPv4 -> IPv6): 21
Packets translated (IPv6 -> IPv4): 15
GigabitEthernet0/0/0 (IPv4 configured, IPv6 configured):
Packets translated (IPv4 -> IPv6): 0
Packets translated (IPv6 -> IPv4): 5
Packets dropped: 0
GigabitEthernet0/0/1 (IPv4 configured, IPv6 configured):
Packets translated (IPv4 -> IPv6): 5
Packets translated (IPv6 -> IPv4): 0
Packets dropped: 0
页: [1]
查看完整版本: 在Cisco路由器上配置Stateless NAT64