Allowing IPv6 Internet access from an IPv4 network
Network requirements
As shown in Figure 114, a company deploys an IPv4 network, and the Internet migrates to IPv6.
To allow IPv4 hosts to access the IPv6 server in the IPv6 Internet, configure the following AFT policies on the router:
Configure an IPv4-to-IPv6 source address dynamic translation policy.
Configure an IPv6-to-IPv4 source address static mapping for the IPv6 server.
Figure 114: Network diagram
Configuration procedure
# Specify IP addresses for the interfaces on the router. (Details not shown.)
# Configure IPv4 ACL 2000 to permit IPv4 packets only from subnet 10.1.1.0/24 to pass through.
<Router> system-view [Router] acl number 2000 [Router-acl-ipv4-basic-2000] rule permit source 10.1.1.0 0.0.0.255 [Router-acl-ipv4-basic-2000] rule deny [Router-acl-ipv4-basic-2000] quit
# Configure NAT64 prefix 2012:: 96.
[Router] aft prefix-nat64 2012:: 96
# Configure the router to use NAT64 prefix 2012:: 96 to translate source addresses of packets permitted by IPv4 ACL 2000.
[Router] aft v4tov6 source acl number 2000 prefix-nat64 2012:: 96
# Map source IPv6 address 2013:0:ff14:0101:100:: to source IPv4 address 20.1.1.1.
[Router] aft v6tov4 source 2013:0:ff14:0101:100:: 20.1.1.1
# Enable AFT on GigabitEthernet 1/0/1, which is connected to the IPv4 network.
[Router] interface gigabitethernet 1/0/1 [Router-GigabitEthernet1/0/1] aft enable [Router-GigabitEthernet1/0/1] quit
# Enable AFT on GigabitEthernet 1/0/2, which is connected to the IPv6 Internet.
[Router] interface gigabitethernet 1/0/2 [Router-GigabitEthernet1/0/2] aft enable [Router-GigabitEthernet1/0/2] quit
Verifying the configuration
# Verify the connectivity between the IPv4 hosts and the IPv6 server. This example uses the ping utility on an IPv4 host.
D:\>ping 20.1.1.1 Pinging 20.1.1.1 with 32 bytes of data: Reply from 20.1.1.1: bytes=32 time=14ms TTL=63 Reply from 20.1.1.1: bytes=32 time=1ms TTL=63 Reply from 20.1.1.1: bytes=32 time=1ms TTL=63 Reply from 20.1.1.1: bytes=32 time=1ms TTL=63
# Display detailed information about IPv6 AFT sessions on the router.
[Router] display aft session ipv4 verbose Initiator: Source IP/port: 10.1.1.1/1025 Destination IP/port: 20.1.1.1/2048 DS-Lite tunnel peer: - VPN instance/VLAN ID/Inline ID: -/-/- Protocol: ICMP(1) Inbound interface: GigabitEthernet1/0/1 Responder: Source IP/port: 20.1.1.1/1025 Destination IP/port: 10.1.1.1/0 DS-Lite tunnel peer: - VPN instance/VLAN ID/Inline ID: -/-/- Protocol: ICMP(1) Inbound interface: GigabitEthernet1/0/2 State: ICMP_REPLY Application: OTHER Start time: 2014-03-13 08:52:59 TTL: 27s Initiator->Responder: 4 packets 240 bytes Responder->Initiator: 4 packets 240 bytes Total sessions found: 1
# Display detailed information about IPv4 AFT sessions on the router.
[Router] display aft session ipv6 verbose Initiator: Source IP/port: 2012::0A01:0101/0 Destination IP/port: 2013:0:FF14:0101:0100::/32768 VPN instance/VLAN ID/Inline ID: -/-/- Protocol: IPV6-ICMP(58) Inbound interface: GigabitEthernet1/0/1 Responder: Source IP/port: 2013:0:FF14:0101:0100::/0 Destination IP/port: 2012::0A01:0101/33024 VPN instance/VLAN ID/Inline ID: -/-/- Protocol: IPV6-ICMP(58) Inbound interface: GigabitEthernet1/0/2 State: ICMPV6_REPLY Application: OTHER Start time: 2014-03-13 08:52:59 TTL: 23s Initiator->Responder: 4 packets 320 bytes Responder->Initiator: 4 packets 320 bytes Total sessions found: 1