ON THIS PAGE
NAT46 Next Gen Services Configuration Examples
Staring in Junos OS Release 20.2R1 you can run NAT46 Next Gen Services.
Starting in Junos OS Release 20.2R1, Network Address Translation and Protocol Translation (NAT-PT) [RFC2766] are supported for CGNAT Next Gen Services. NAT46 is a IPv4-to-IPv6 transition mechanism that provides a way for end-nodes in IPv6 realm to communicate with end-nodes in IPv4 realm and vice versa. This is achieved using a combination of Network Address Translation and Protocol Translation.
NAT46 is supported on both the SRX and on MX240, MX480, and MX960 for CGNAT Next Gen Services. This topic provides example configurations to help you understand how to configure NAT46 CGNAT Next Gen Services on these MX Series routers.
These examples are for SRX Series Firewalls. However, you can use these same examples
to configure NAT46 Next Gen Services on MX Series devices. Use the configuration
statements under the [edit services....] hierarchy on MX Series
devices to configure NAT46 Next Gen Services.
You can find these examples here: IPv6 NAT
There are four examples available:
Configuring an IPv4-Initiated Connection to an IPv6 Node Using Default Destination Address Prefix Static Mapping — This example shows how to configure an IPv4-initiated connection to an IPv6 node using default destination address prefix static mapping.
Configuring an IPv4-Initiated Connection to an IPv6 Node Using Static Destination Address One-to-One Mapping — This example shows how to configure an IPv4-initiated connection to an IPv6 node using static destination address one-to-one mapping.
Configuring an IPv6-Initiated Connection to an IPv4 Node Using Default Destination Address Prefix Static Mapping — This example shows how to configure an IPv6-initiated connection to an IPv4 node using default destination address prefix static mapping. This example does not show how to configure the NAT translation for the reverse direction.
Configuring an IPv6-Initiated Connection to an IPv4 Node Using Static Destination Address One-to-One Mapping — This example shows how to configure an IPv6-initiated connection to an IPv4 node using static destination address one-to-one mapping.
NAT46 Support Summary
NAT46 for Next Gen Services supports the following:
ICMP, TCP, and UDP protocol packets.
Static mapping is used to communicate between the IPv4 to IPv6 side of the subscriber connection.
Bi-directional traffic flow is supported if you have other ways to convey the mapping between the IPv6 address and the dynamically allocated IPv4 address.
NAT46 supports DNS, ICMP , nd FTP ALGs.
Keep these things in mind when configuring NAT46 for Next Gen Services:
No support of NAT64 feature described in NAT-PT (RFC 2765).
Static NAT is not used for the source translation in any NAT scenario.
Except DNS, FTP and ICMP, other ALGs are not supported for NAT46.
AMS functionality is not supported for NAT46.
Port translation is not tested with Source Address NAT (when source pool is a IPv6 prefix) for the NAT46 feature.
NAT46 Sample Configuration
This sample configuration applies for MX Series devices:
services {
nat {
source {
pool ipv6_prefix {
address 27a6::/96;
}
rule-set myipv6_rs {
rule ipv6_rule {
match {
source-address 10.1.1.1/30 ;
destination-address 27a6::a0a:a2d/126;
}
then {
source-nat {
pool {
ipv6_prefix;
}
}
}
}
match-direction input;
}
}
static {
rule-set test_rs {
rule test_rule {
match {
destination-address ip-address;
}
then {
static-nat {
prefix ip-address;
}
}
}
.....match-direction input;
}
}
}
service-set sset1 {
...
nat-rule-sets test_rs;
nat-rule-sets myipv6_rs;
...
}
}