Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring MAP-E on NFX Series Devices

Overview

This example describes how to configure Mapping of Address and Port with Encapsulation (MAP-E) functionality on NFX Series devices. For more information about MAP-E, see Mapping of Address and Port with Encapsulation on NFX Series Devices.

Requirements

This example uses the following hardware and software components:

  • NFX150 device running Junos OS Release 19.4R1, deployed as a customer edge (CE) device.

  • MX480 device, deployed as a border relay (BR) device.

  • Map physical interfaces to virtual interfaces. For more information, see Mapping Interfaces on NFX150 Devices.

Topology Overview

This topology shows how to configure MAP-E CE functionality on NFX Series devices. This topology also shows how the IPv4 packets from MAP-E CE devices are encapsulated and transported through an IPv4-over-IPv6 tunnel to MAP-E provider edge (PE) devices (also known as border relay [BR] devices) through an IPv6 routing topology, where the packets are detunneled for further processing. An MX Series device is used as the MAP-E BR device, which is a dual-stack device connected to both a public IPv4 network and an IPv6 MAP-E network.

Figure 1 shows the MAP-E deployment on NFX Series devices.

Figure 1: MAP-E Deployment on NFX Series DeviceMAP-E Deployment on NFX Series Device

Configure an NFX Series Device as a MAP-E CE Device

To configure an NFX Series device as a MAP-E customer edge device:

  1. Configure the security policies and zones for applying different security measures on IPv4-facing interfaces and IPv6-facing interfaces. The following configuration adds LAN interface (ge-1/0/1) and WAN interface on the service provider end (ge-1/0/2) into relevant security zones and configures a policy to permit all traffic between these zones. The configuration also adds corresponding internal logical tunnel (lt) interface units into security zones.
  2. Configure the interfaces to provide network connectivity and data flow. The following configuration assigns IPv4 address on LAN side and IPv6 on WAN side. The MTU on the IPv6 side must support maximum MTU.
  3. Configure both the logical tunnel interfaces. The logical tunnel interfaces act as internal endpoints to MAP-E encapsulator or decapsulator block in NFX series box. This separates the network traffic for IPv4 and IPv6. Here, lt-1/0/0 unit 1 terminates IPv4 traffic that is received on ge-1/0/1 and lt-1/0/0 unit 2 initiates IPv6 traffic to be sent out through ge-1/0/2. lt-1/0/0 unit 2 terminates IPv6 traffic that is received on ge-1/0/2 and lt-1/0/0 unit 1 initiates IPv4 traffuc to be sent out through ge-1/0/1.
  4. Configure the routing instances for the IPv4 and IPv6 network traffic domains inside NFX:
  5. Configure the MAP-E BMR and FMR rules to provide mapping between the IPv4 network and IPv6 network:
  6. (Optional) Configure the confidentiality option for MAP-E if you want to hide the MAP-E parameters in show command output for non-super users:
  7. Configure source NAT rule and NAT pool:
  8. Commit the configuration:

Configure an MX Series Device as a BR Device

To configure an MX Series device as a border relay device:

  1. Configure the service set for MAP-E on the MX Series device:
  2. Configure the MAP-E softwire concentrator and associated parameters. This creates a tunnel between two IPv6 endpoints to carry IPv4 packets or between two IPv4 endpoints to carry IPv6 packets.
  3. Configure a softwire rule to specify the direction of traffic to be tunneled and the MAP-E softwire concentrator to be used:
  4. Configure a service interface inside the dual-stack domain:
  5. Configure a service interface outside the dual-stack domain:
  6. Configure the maximum transmission unit (MTU) on the BR interface:
  7. Configure the logical interfaces and assign the IPv4 and IPv6 addresses:
  8. Configure the routing instances:
  9. Commit the configuration:

Verify the MAP-E Configuration

Purpose

After completing the MAP-E configuration on an NFX Series device, you can verify the status of the MAP-E configuration.

Action

  • Verify the status of the packet flow:

  • Verify whether the IPv4 and IPv6 addresses are configured correctly:

  • Verify the map rule statistics:

  • View the details of the NAT source rule:

  • View the details of the NAT source pool:

  • View the NAT source summary:

  • View the persistent NAT table:

  • View the softwire statistics on the MX Series device:

Meaning

This section describes the output fields for the MAP-E configuration on NFX Series devices.

Role

MAP-E is deployed on a CE device. Currently, only the CE role is supported.

Version

MAP-E version: MAP-E draft-3.

BR address

Border router address to be used as the destination address in the absence of a matching FMR rule.

Rule name

Name of the BMR or FMR rule configured.

Rule IPv4 prefix

IPv4 prefix in the BMR or FMR rule.

Rule IPv6 prefix

IPv6 prefix in the BMR or FMR rule.

Port set ID

Port set identifier, used to algorithmically identify a set of ports exclusively assigned to a CE device.

PSID offset

Port set identifier offset, used to specify the range of excluded ports.

PSID length

Port set identifier length, used to specify the sharing ratio.

EA bit length

Embedded address bit length, used to specify part of the IPv4 address or the PSID.