Configuring Mapping of Address and Port with Encapsulation (MAP-E)
Understanding Mapping of Address and Port with Encapsulation (MAP-E)
This topic provides an overview of Mapping of Address and Port with Encapsulation (MAP-E) feature and its benefit to service providers when used as an inline service on MX Series routers with MPC and MIC interfaces. Starting in Junos OS release 20.2R1, MAP-E softwires are supported under Next Gen Services on either an MPC or MIC by specifying the inline services si-1/1/0 naming convention. Starting in Junos OS release 20.3R1, MPC10E and MX2K-MPC11E support MAP-E.
Benefits of Mapping of Address and Port with Encapsulation (MAP-E)
Reduces administrative overhead and creates a scalable network infrastructure that easily supports connectivity to a large number of IPv4 subscribers over the ISP's IPv6 access network.
Mapping of Address and Port with Encapsulation (MAP-E) Terminology
Border Relay (BR)—MAP-E-enabled provider edge device in a MAP domain. A BR device has at least an IPv6-enabled interface and an IPv4 interface connected to the native IPv4 network.
MAP-E Customer Edge (CE)—MAP-E-enabled customer edge device in a MAP deployment.
MAP domain—One or more MAP-E CE devices and BR devices connected to the same virtual link.
Port Set ID (PSID)—Separate part of the transport layer port space that is denoted as port set ID.
Embedded Address (EA) Bits—EA-bits in the IPv6 address identify an IPv4 prefix or address or a shared IPv4 address and a port-set identifier.
Softwire—Tunnel between two IPv6 end-points to carry IPv4 packets or two IPv4 end-points to carry IPv6 packets.
Softwire Initiator (SI)—Softwire at the customer end that encapsulates native packets and tunnels them to a softwire concentrator at the service provider.
Softwire Concentrator (SC)—Softwire that decapsulates the packets received from a softwire initiator and sends them to their destination.
Mapping of Address and Port with Encapsulation (MAP-E) Functionality
Figure 1 illustrates a simple MAP-E deployment scenario.
In the MAP-E network topology, there are two MAP-E customer edge (CE) devices, each connected to a private IPv4 host. The MAP-E CE devices are dual stack and are capable of Network Address Port Translation (NAPT). The MAP-E CE devices connect to a MAP-E Border Relay (BR) device through an IPv6-only MAP-E network domain. The MAP-E BR device is dual stack and is connected to both a public IPv4 network and an IPv6 MAP-E network.
The MAP-E functionality is as follows:
- The MAP-E CE devices are capable of NAPT. On receiving an IPv4 packet from the host, the MAP-E CE device performs NAT translation on the incoming IPv4 packets.
- The NAT translated IPv4 packets are then encapsulated into IPv6 packets by the MAP-E CE device, and sent to the MAP-E BR device.
- The IPv6 packet gets transported through the IPv6-only service provider network and reaches the MAP-E BR device.
- On receiving the IPv6 packets, the incoming IPv6 packets are decapsulated by the MAP-E CE device and routed to the IPv4 public network.
In the reverse path, the incoming IPv4 packet is encapsulated into an IPv6 packet by the MAP-E BR device, and routed to the MAP-E CE devices.
Mapping of Address and Port with Encapsulation (MAP-E) Supported and Unsupported Features
Junos OS supports the following MAP-E features and functionality:
MAP-E implementation supports line card throughput of 100 Gigabits.
support for Inline MAP-E Border Relay (BR) solution that adheres to draft version 03 of RFC 7597
Fully compliant with draft version 03 of RFC 7597, Mapping of Address and Port with Encapsulation (MAP), when the version-3 option is disabled at the services softwires softwire-types map-e map-e-concentrator-name
Support chassis-wide scale of 250 shared MAP-E rules.
Support the feature on all MPCs using service interfaces with 100 Gigabits.
Ability to ping MAP-E BR IPv6 address.
Support only next-hop style of configuration for MAP-E.
Support reassembly of fragmented IPv4 traffic arriving from IPv4 network before encapsulating it into an IPv6 packet.
Support fragmentation of inner IPv4 packet if the packet size after encapsulation exceeds the MAP-E maximum transmission unit (MTU).
Packets having Internet Control Message Protocol (ICMP) payload with the following message types are accepted for MAP-E encapsulation and decapsulation:
Echo or Echo Reply Message of type 0 and 8
Timestamp or Timestamp Reply Message of type 13 and 14
Information Request or Information Reply Message of type 15 and 16
Source quench, destination_unreachable, time_exceeded, Icmp_redirect, Icmp_address_mask_reply and parameter_problem errors
Border Relay (BR) anycast is supported.
The following features and functionality are not supported with the MAP-E feature:
Anti-spoof check is not supported for fragmented IPv4 packets coming from a customer edge (CE) device.
Section 8.2 of the Internet draft draft-ietf-softwire-map-03 (expires on July 28, 2013), Mapping of Address and Port with Encapsulation (MAP) is not supported. Instead of responding with an ICMPv6 Destination Unreachable, Source address failed ingress/egress policy (Type 1, Code 5) message, spoof packets are silently dropped and the counter is incremented.
IPv6 reassembly is not supported.
ICMP v6-to-v4 translation at the BR is not supported.
Inline MAP-E with virtual routing and forwarding (VRF) is not supported.
Inline MAP-E with inline Network Address Translation (NAT) or dual stack (DS)-Lite is not supported.
Interface-style MAP-E configuration is not supported.
Configuring Mapping of Address and Port with Encapsulation (MAP-E)
This example shows you how to configure the MAP-E Border Relay (BR) solution using a next hop-based style of configuration.
To configure MAP-E:
- Create service interface on the device with 100g bandwidth
support.[edit chassis]user@host# set fpc 0 pic 0 inline-services bandwidth 100g
- Configure the dual stack service interface unit 0.[edit interfaces]user@host# set si-0/0/0 unit 0 family inetuser@host# set si-0/0/0 unit 0 family inet6
- Configure service interface inside the dual stack domain.[edit interfaces]user@host# set si-0/0/0 unit 1 family inetuser@host# set si-0/0/0 unit 1 family inet family inet6user@host# set si-0/0/0 unit 1 service-domain inside
- Configure service interface outside the dual stack domain.[edit interfaces]user@host# set si-0/0/0 unit 2 family inetuser@host# set si-0/0/0 unit 2 family inet family inet6user@host# set si-0/0/0 unit 2 service-domain outside
- Configure the IPv4-facing interface on BR.[edit interfaces]user@host# set ge-0/2/7 unit 0 family inet address 10.10.10.1/16
- Configure the CPE-facing interface on BR.[edit interfaces]user@host# set ge-0/2/8 unit 0 family inet6 address 3abc::1/16
- Configure the MAP-E softwire concentrator and associated
parameters.[edit services softwire softwire-concentrator]user@host# set map-e swire01-rd1 version03user@host# set map-e swire01-rd1 softwire-address 2001:db8:ffff::1user@host# set map-e swire01-rd1 ipv4-prefix 10.10.0.0/16 mape-prefix 3040::0/16user@host# set map-e swire01-rd1 ea-bits-len 16user@host# set map-e swire01-rd1 psid-offset 6user@host# set map-e swire01-rd1 psid-length 8user@host# set map-e swire01-rd1user@host# set mtu-ipv6 9192user@host# set map-e swire01-rd1 v4-reassembly
When configuring the MAP-E softwire concentrator, take the following into consideration:
Possible values for ea-bits-len is 0 through 48.
Possible values for v4-prefix-len is 0 through 32.
If v4-prefix-len is 0 then ea-bits-len must be non-zero, and vice versa.
It is possible that ea-bits-len is equal to 0, but psid-len is non-zero.
If the sum of v4-prefix-len and ea-bits-len is less than 32, then the psid-len must be equal to the difference between 32 and the sum total of v4-prefix-len and ea-bits-len.
The MAP-E IPv4 and IPv6 prefix must be unique per softwire concentrator.
MAP-E PSID offset has a default value of 4, and MAP-E tunnel maximum transmission unit (MTU) has a default value of 9192.
- Configure a softwire rule to specify the direction of
traffic to be tunneled and the MAP-E softwire concentrator to be used.[edit services softwire]user@host# set rule swire01-r1 match-direction input term t1 then map-e swire01-rd1
- Configure the service set for MAP-E.[edit services service-set]user@host# set mape-nh-service-set softwire-rules swire01-r1user@host# set mape-nh-service-set next-hop-service inside-service-interface si-0/0/0.1 outside-service-interface si-0/0/0.2