Providing FTP service from an IPv4 network to the IPv6 Internet
Network requirements
As shown in Figure 115, a company deploys an IPv4 network, and it has an IPv6 address 2012::1. The Internet migrates to IPv6.
To allow the IPv4 FTP server to provide FTP services to IPv6 hosts, configure the following AFT policies on the router:
Configure an IPv4-to-IPv6 source address static mapping for the IPv4 FTP server. The router uses the mapping to translate the destination IPv6 address of IPv6-initiated addresses to the IPv4 address.
Configure an IPv6-to-IPv4 source address dynamic translation policy. The router translates source IPv6 addresses of IPv6-initiated packets to source IPv4 addresses 30.1.1.1 and 30.1.1.2.
Figure 115: Network diagram
Configuration procedure
# Specify IP addresses for the interfaces on the router. (Details not shown.)
# Map source IPv4 address 20.1.1.1 to source IPv6 address 2012::1.
<Router> system-view [Router] aft v4tov6 source 20.1.1.1 2012::1
# Configure address group 0, and add the address range from 30.1.1.1 to 30.1.1.2 to the group.
[Router] aft address-group 0 [Router-aft-address-group-0] address 30.1.1.1 30.1.1.2 [Router-aft-address-group-0] quit
# Configure IPv6 ACL 2000 to permit all IPv6 packets to pass through.
[Router] acl ipv6 basic 2000 [Router-acl-ipv6-basic-2000] rule permit [Router-acl-ipv6-basic-2000] quit
# Configure the router to translate source addresses of IPv6 packets permitted by IPv6 ACL 2000 to IPv4 addresses in address group 0.
[Router] aft v6tov4 source acl ipv6 number 2000 address-group 0
# Enable AFT on GigabitEthernet 1/0/1, which is connected to the IPv6 Internet.
[Router] interface gigabitethernet 1/0/1 [Router-GigabitEthernet1/0/1] aft enable [Router-GigabitEthernet1/0/1] quit
# Enable AFT on GigabitEthernet 1/0/2, which is connected to the IPv4 network.
[Router] interface gigabitethernet 1/0/2 [Router-GigabitEthernet1/0/2] aft enable [Router-GigabitEthernet1/0/2] quit
Verifying the configuration
# Verify the connectivity between the IPv6 hosts and the IPv4 FTP server. For example, ping the IPv4 FTP server from IPv6 host A.
D:\>ping 2012::1 Pinging 2012::1 with 32 bytes of data: Reply from 2012::1: time=3ms Reply from 2012::1: time=3ms Reply from 2012::1: time=3ms Reply from 2012::1: time=3ms
# Display detailed information about IPv6 AFT sessions on the router.
[Router] display aft session ipv6 verbose Initiator: Source IP/port: 2013:0:FF0A:0101:0100::/1029 Destination IP/port: 2012::1/21 VPN instance/VLAN ID/Inline ID: -/-/- Protocol: TCP(6) Inbound interface: GigabitEthernet1/0/1 Responder: Source IP/port: 2012::1/21 Destination IP/port: 2013:0:FF0A:0101:0100::/1029 VPN instance/VLAN ID/Inline ID: -/-/- Protocol: TCP(6) Inbound interface: GigabitEthernet1/0/2 State: TCP_ESTABLISHED Application: FTP Start time: 2014-03-13 09:07:30 TTL: 3582s Initiator->Responder: 3 packets 184 bytes Responder->Initiator: 2 packets 148 bytes Total sessions found: 1
# Display detailed information about IPv4 AFT sessions on the router.
[Router] display aft session ipv4 verbose Initiator: Source IP/port: 30.1.1.1/11025 Destination IP/port: 20.1.1.1/21 DS-Lite tunnel peer: - VPN instance/VLAN ID/Inline ID: -/-/- Protocol: TCP(6) Inbound interface: GigabitEthernet1/0/1 Responder: Source IP/port: 20.1.1.1/21 Destination IP/port: 30.1.1.1/11025 DS-Lite tunnel peer: - VPN instance/VLAN ID/Inline ID: -/-/- Protocol: TCP(6) Inbound interface: GigabitEthernet1/0/2 State: TCP_ESTABLISHED Application: FTP Start time: 2014-03-13 09:07:30 TTL: 3577s Initiator->Responder: 3 packets 124 bytes Responder->Initiator: 2 packets 108 bytes Total sessions found: 1