DS-Lite NAT444 configuration example
Network requirements
As shown in Figure 69, configure DS-Lite tunneling and NAT to allow the DS-Lite host to access the IPv4 network over the IPv6 network.
Figure 69: Network diagram
Configuration procedure
Before configuration, make sure the DS-Lite host and AFTR can reach each other through IPv6.
Configure the AFTR:
# Specify an IPv4 address for GigabitEthernet 1/0/1.
<Router> system-view [Router] interface gigabitethernet 1/0/1 [Router-GigabitEthernet1/0/1] ip address 20.1.1.1 24 [Router-GigabitEthernet1/0/1] quit
# Specify an IPv6 address for GigabitEthernet 1/0/2.
[Router] interface gigabitethernet 1/0/2 [Router-GigabitEthernet1/0/2] ipv6 address 1::2 64 [Router-GigabitEthernet1/0/2] quit
# Create a tunnel interface on the AFTR.
[Router] interface tunnel 2 mode ds-lite-aftr
# Specify an IP address for the tunnel interface.
[Router-Tunnel2] ip address 30.1.2.2 255.255.255.0
# Specify GigabitEthernet 1/0/2 as the source interface for the tunnel.
[Router-Tunnel2] source gigabitethernet 1/0/2 [Router-Tunnel2] quit
# Enable DS-Lite tunneling on GigabitEthernet 1/0/1.
[Router] interface gigabitethernet 1/0/1 [Router-GigabitEthernet1/0/1] ds-lite enable [Router-GigabitEthernet1/0/1] quit
# Create public address group 0.
[Router] nat address-group 0
# Add public IP addresses 20.1.1.11 and 20.1.1.12 to the NAT address group.
[Router-address-group-0] address 20.1.1.11 20.1.1.12
# Configure the port range as 1024 to 65535.
[Router-address-group-0] port-range 1024 65535
# Set the port block size to 300.
[Router-address-group-0] port-block block-size 300 [Router-address-group-0] quit
# Configure an IPv6 ACL to identify packets from subnet 1::/64.
[Router] acl ipv6 basic 2100 [Router-acl-ipv4-basic-2100] rule permit source 1::/64 [Router-acl-ipv4-basic-2100] quit
# Configure DS-Lite NAT444 on GigabitEthernet 1/0/1.
[Router] interface gigabitethernet 1/0/1 [Router-GigabitEthernet1/0/1] nat outbound ds-lite-b4 2100 address-group 0 [Router-GigabitEthernet1/0/1] quit
Configure the DS-Lite host:
# Configure the IPv4 and IPv6 addresses of the DS-Lite host as 10.0.0.1 and 1::1/64. (Details not shown.)
# Configure a static route to the destination IPv4 network. (Details not shown.)
Verifying the configuration
# Use the display tunnel interface command to verify that the tunnel interface is up on the AFTR. (Details not shown.)
# Verify that the DS-Lite host can ping the IPv4 application server.
C:\> ping 20.1.1.2
Pinging 20.1.1.2 with 32 bytes of data:
Reply from 20.1.1.2: bytes=32 time=51ms TTL=255
Reply from 20.1.1.2: bytes=32 time=44ms TTL=255
Reply from 20.1.1.2: bytes=32 time=1ms TTL=255
Reply from 20.1.1.2: bytes=32 time=1ms TTL=255
Ping statistics for 20.1.1.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 51ms, Average = 24ms
# Verify that the DS-Lite NAT444 configuration is correct.
[Router] display nat outbound
NAT outbound information:
Totally 1 NAT outbound rules.
Interface: GigabitEthernet1/0/1
DS-Lite B4 ACL: 2100
Address group ID: 0
Port-preserved: N NO-PAT: N Reversible: N
Config status: Active
# Verify that the DS-Lite NAT444 configuration takes effect by checking the port block assignment.
[Router] display nat statistics Total session entries: 0 Total EIM entries: 0 Total inbound NO-PAT entries: 0 Total outbound NO-PAT entries: 0 Total static port block entries: 0 Total dynamic port block entries: 430 Active static port block entries: 0 Active dynamic port block entries: 1
# Verify that a NAT444 mapping has been created for the DS-Lite host.
[Router] display nat port-block dynamic ds-lite-b4 Local VPN DS-Lite B4 addr Global IP Port block Connections --- 1::1 20.1.1.11 1024-1323 1 Total entries found: 1