Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Configuring 464XLAT Provider-Side Translator for IPv4 Connectivity Across IPv6-Only Network for Next Gen Services

 

Configuring the Source Pool for 464XLAT

To configure the source pool for 464XLAT:

  1. Create a source NAT pool that is used to translate source IPv6 addresses to source public IPv4 addresses on PLAT.
  2. Define the addresses or subnets to which source addresses are translated.
  3. If you want to allocate a block of ports for each subscriber to use, configure port-block allocation:
    1. Configure the number of ports in a block. The range is 1 through 64,512 and the default is 256.
    2. Configure the interval, in seconds, for which the block is active. After the timeout, a new block is allocated, even if ports are available in the active block. If you set the timeout to 0, port blocks are filled completely before a new port block is allocated, and the last port block remains active indefinitely. The range is 0 through 86,400, and the default is 120.
    3. If you set the active-block-timeout to 0, you can configure the amount of time before the last active port block is released. The range is 120 through 864,000 seconds, and the default is 300.
    4. Configure the maximum number of blocks that can be allocated to a user address. The range is 1 through 512, and the default is 8.
    5. Specify how often to send interim system logs for active port blocks and for inactive port blocks with live sessions. This increases the reliability of system logs, which are UDP-based and can get lost in the network. The range is 1800 through 86,400 seconds, and the default is 1800 (interim logs are disabled).
  4. Specify the timeout period for endpoint independent translations that use the specified NAT pool. Mappings that are inactive for this amount of time are dropped. The range is 120 through 86,400 seconds. If you do not configure ei-mapping-timeout, then the mapping-timeout value is used for endpoint independent translations.
  5. Specify the timeout period for address-pooling paired mappings that use the NAT pool. The range is 120 through 86,400 seconds, and the default is 300. Mappings that are inactive for this amount of time are dropped.

    If you do not configure ei-mapping-timeout for endpoint independent translations, then the mapping-timeout value is used for endpoint independent translations.

Configuring the NAT Rules for 464XLAT

For 464XLAT, you must configure a source rule and a destination rule. To configure the NAT rules for 464XLAT:

  1. Configure the source NAT rule name.
  2. Specify the traffic direction to which the NAT rule set applies.
  3. Specify the CLAT IPv6 source prefix.
  4. Configure the IPv6 source address prefix to match. This is the IPv4 source address embedded in IPv6 by using the CLAT prefix.
  5. Specify the NAT source pool that the PLAT uses for converting the IPv6 source address to a public IPv4 address.
  6. If you want to ensure that the same external address and port are assigned to all connections from a given host, configure endpoint-independent mapping:

    1. Configure the mapping type as endpoint independent.
    2. Specify prefix lists that contain the hosts that are allowed to establish inbound connections using the endpoint-independent mapping. (Prefix lists are configured at the [edit policy-options] hierarchy level.)
    3. Specify the maximum number of inbound flows allowed simultaneously on an endpoint-independent mapping.
    4. Specify the direction in which active endpoint-independent mapping is refreshed. By default, mapping is refreshed for both inbound and outbound active flows.
    5. Configure the address-pooling paired feature if you want to ensure assignment of the same external IP address for all sessions originating from the same internal host.
    6. Specify the timeout period for address-pooling-paired mappings that use the NAT pool. The range is 120 through 86,400 seconds, and the default is 300. Mappings that are inactive for this amount of time are dropped.

      If you do not configure ei-mapping-timeout for endpoint independent translations, then the mapping-timeout value is used for endpoint independent translations.

    7. Configure the generation of a syslog when traffic matches the NAT rule conditions.
  7. Configure the destination NAT rule name.
  8. Specify the traffic direction to which the destination NAT rule set applies.
  9. Configure the IPv6 source address prefix to match. Use the same value that you used for the NAT source rule.
  10. Configure the PLAT destination IPv6 prefix.
  11. Configure the IPv6 destination address to match. This is the IPv4 destination address embedded in IPv6 by using the PLAT destination prefix.

Configuring the Service Set for 464XLAT

To configure the service set for 464XLAT:

  1. Define the service set.
  2. Configure either an interface service, which requires a single service interface, or a next-hop service, which requires an inside and outside service interface.

    or

  3. Specify the NAT rule sets to be used with the service set.

Clearing the Don’t Fragment Bit

Specify that the don’t fragment (DF) bit for IPv4 packet headers is cleared when the packet length is less than 1280 bytes.

This prevents unnecessary creation of an IPv6 fragmentation header when translating IPv4 packets that are less than 1280 bytes.