9.23 IPv6 NAT-PT

Had a query related to the captioned subject:

Why is redistribute connected configured under ipv6 rip on R6 for this exercise? I'm able to accomplish the end-result even without the redistribute command.

Am I missing something here?

Please advise.

Regards,

Kartik

Comments

  • I have the same question.  I find INE has many solutions like this that go unexplained.

  • Can Tech Edit look into this?  I did this task again just now and still have the same question.

    SG offers no explanation.

    Thanks.

  • Can anyone shade some light on Why the v6v4 mapping is having 155.1.146.7 as the IPv4 address after translation and not 155.1.67.7.

    ipv6 nat v6v4 source fc00:1:0:67::7 155.1.146.7


     

  • Hi,

    If you try to use 155.1.67.7, you get the error message:

    Rack1R6(config)#
    Rack1R6(config)#
    *Jan 25 15:10:25.758: % Address 155.1.67.7 already in use on attached network
    Rack1R6(config)#
    Rack1R6(config)#

     

    Try this:

    On switch 1, create loop 77

    Rack1SW1#show run interface loop77
    Building configuration...

    Current configuration : 75 bytes
    !
    interface Loopback77
     no ip address
     ipv6 address FC00:1:0:77::7/64
    end

    Rack1SW1#

     

    On R6, configure:

     

    Rack1R6(config)#
    Rack1R6(config)#ipv6 nat v4v6 source 150.1.4.4 2000::9601:404
    Rack1R6(config)#ipv6 nat v6v4 source FC00:1:0:77::7 155.1.67.77

    Rack1R6(config)#
    Rack1R6(config)#

     

    enable debugging on R6 and do the following ping for SW!:

    Rack1SW1#ping ipv6 2000::9601:404 source loop77

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 2000::9601:404, timeout is 2 seconds:
    Packet sent with a source address of FC00:1:0:77::7
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 0/3/9 ms
    Rack1SW1#

     

    Debug output:

    Jan 25 15:16:44.214: IPv6 NAT: IPv6->IPv4:
                     src (FC00:1:0:77::7 -> 155.1.67.77)
                     dst (:: -> 0.0.0.0)
                     ref_count = 1, usecount = 0, flags = 257,
                     rt_flags = 0, more_flags = 0

    *Jan 25 15:16:44.214: IPv6 NAT: IPv6->IPv4:
                     src (:: -> 0.0.0.0)
                     dst (2000::9601:404 -> 150.1.4.4)
                     ref_count = 1, usecount = 0, flags = 513,
                     rt_flags = 0, more_flags = 0

    *Jan 25 15:16:44.214: IPv6 NAT: IPv6->IPv4: icmp src (FC00:1:0:77::7) -> (155.1.67.77), dst (2000::9601:404) -> (150.1.4.4)
    *Jan 25 15:16:44.218: IPv6 NAT: Found prefix 2000::/96
    *Jan 25 15:16:44.218: IPv6 NAT: IPv4->IPv6:
                     src (150.1.4.4 -> 2000::9601:404)
                     dst (155.1.67.77 -> FC00:1:0:77::7)
                     ref_count = 1, usecount = 0, flags = 2,
                     rt_flags = 0, more_flags = 0

    *Jan 25 15:16:44.218: IPv6 NAT: IPv4->IPv6:  src (150.1.4.4) -> (2000::9601:404), dst (155.1.67.77) -> (FC00:1:0:77::7)
    *Ja
    Rack1R6(config)n 25 15:16:44.222: IPv6 NAT: IPv6->IPv4:
                     src (FC00:1:0:77::7 -> 155.1.67.77)
                     dst (2000::9601:404 -> 150.1.4.4)
                     ref_count = 1, usecount = 0, flags = 2,
                     rt_flags = 0, more_flags = 0


    Rack1R6(config)#do sh ipv6 nat trans
    Prot  IPv4 source              IPv6 source
          IPv4 destination         IPv6 destination
    ---   ---                      ---
          150.1.4.4                2000::9601:404

    ---   155.1.67.7               FC00:1:0:67::7
          ---                      ---

    icmp  155.1.67.77,6804         FC00:1:0:77::7,6804
          150.1.4.4,6804           2000::9601:404,6804

    ---   155.1.67.77              FC00:1:0:77::7
          ---                      ---

    Rack1R6(config)#

    The only I still dont understand is why a 'redistribute connected' was included in the SG because everything works fine without it.

    Crownade

     

     

  • Since the 2000::/96 prefix defined in the nat-pt statement will be shown as connected on R6


    Rack13R6#sh ipv6 route 2000::/96
    Routing entry for 2000::/96
      Known via "connected", distance 0, metric 0, type connected
      Backup from "rip RIPNG [120]", "eigrp 1 [170]", "ospf 1 [171]"
      Route count is 1/1, share count 0
      Routing paths:
        directly connected via NVI0
          Last updated 00:26:54 ago

     

    you can advertise the prefix to your neighbor to avoid static ipv6 routes. However in this case SW1 is not even running RIPng... maybe they meant redi into OSPFv3 as a backup solution to static ipv6 routes?

    Rack13SW1#sh ipv6 route 2000::/96
    Routing entry for 2000::/96
      Known via "ospf 1", distance 110, metric 20, type extern 2
      Route count is 1/1, share count 0
      Routing paths:
        FE80::21A:6CFF:FE30:87A2, Vlan67
          Last updated 00:00:01 ago

    Like you guys said - it sounds pretty useless redistributing connected into RIPng in this task..

     

     

     

     

  • After following the config... i can ping to the NATed ip asuccesfully,

    Rack1SW1#ping 2000::9601:404 r 1

    Type escape sequence to abort.
    Sending 1, 100-byte ICMP Echos to 2000::9601:404, timeout is 2 seconds:
    !

    Rack1R6# debug ipv6 nat detail

    *Mar  1 03:27:27.011: IPv6 NAT: IPv6->IPv4:
                     src (FC00:1:0:67::7 -> 155.1.146.7)
                     dst (:: -> 0.0.0.0)
                     ref_count = 1, usecount = 0, flags = 257,
                     rt_flags = 0, more_flags = 0

    *Mar  1 03:27:27.015: IPv6 NAT: IPv6->IPv4:
                     src (:: -> 0.0.0.0)
                     dst (2000::9601:404 -> 150.1.4.4)
                     ref_count = 1, usecount = 0, flags = 513,
                     rt_flags = 0, more_flags = 0

    *Mar  1 03:27:27.019: IPv6 NAT: icmp src (FC00:1:0:67::7) -> (155.1.146.7), dst (2000::9601:404) -> (150.1.4.4)
    *Mar  1 03:27:27.087: IPv6 NAT: Found prefix 2000::/96
    Rack1R6#
    *Mar  1 03:27:27.091: IPv6 NAT: IPv4->IPv6:
                     src (150.1.4.4 -> 2000::9601:404)
                     dst (155.1.146.7 -> FC00:1:0:67::7)
                     ref_count = 1, usecount = 0, flags = 2,
                     rt_flags = 0, more_flags = 0

    But I am getting this error message continuosly..

    Rack1R6#
    *Mar  1 03:26:57.735: IPv6 NAT: Found prefix 2000::/96
    *Mar  1 03:26:57.739: IPv6 NAT:v4tov6 entry not found

    anyone knows why?

     

     

  • I am certain tha no one will fall into this problem but it could be ugly on an exam.   I turned on "ipv6 cef" on R6 in an earlier lab to look at the cef tables.   With "ipv6 cef" turned on NAT-PT will not function.   The key pointer was that "debug ipv6 nat detail" showed nothing.  I had to "no ipv6 cef" to allow NAT-PT to function.   Lost time but should not forget it.  Learning things the hard way. 

    have fun

  • Excellent spot I could not get the solution to work despite following the guide and I turned off ipv6 cef as you suggested and it worked. Not sure I remember turning on ipv6 cef at any stage so definetly one to watch out for in my opinion. I am running 12.4.24 T3.

  • As an FYI only the first bullet in the Cisco 12.4T docuemntation restrictions for implimenting NAT-PT for IPv6 explicitly shows that NAT-PT will NOT work with in CEF.

  • NAT-PT is not compatible with IPv6 CEF;
    to make it work we need to disable IPv6 CEF. On the other hand, there is an alternative
    for NAT-PT, which is NAT64.

  • That's odd for IPv6 CEF stuff.

    I tested on 12.4(24)T with IPv6 CEF, NAT-PT worked intermittently, and it stopped working when I disable IPv6 CEF.

    No CEF:

    IPv6 NAT: IPv6->IPv4: icmp src (FC00:11:0:67::7) -> (155.11.146.7), dst (2000::9601:404) -> (150.11.4.4)

    IPv6 NAT:  src (150.11.4.4) -> (2000::9601:404), dst (155.11.146.7) -> (FC00:11:0:67::7)

    With CEF:

    IPv6 NAT*: IPv6->IPv4: icmp src (FC00:11:0:67::7) -> (155.11.146.7), dst (2000::9601:404) -> (150.11.4.4)

    %SYS-2-BADBUFFER: Attempt to use contiguous buffer as scattered src, ptr= 6728E870, pool= 6728E6E4 -Process= "<interrupt level>", ipl= 1,  -Traceback= 0x602110D4z 0x60417FC0z 0x6042B078z

    IPv6 NAT*: IPv4->IPv6:  src (150.11.4.4) -> (2000::9601:404), dst (155.11.146.7) -> (FC00:11:0:67::7)

Sign In or Register to comment.