在Cisco路由器上配置Stateless NAT64

注意：本文中列举的Cisco NAT64属于Stateless NAT64，与Stateful NAT64有较大的区别，请务必明确！

支持Stateless NAT64的版本为：Cisco IOS XE Release 3.2S（Cisco ASR 1000  Series）

Stateless NAT64是根据IP/ICMP Translation Algorithm：
RFC 6145而来

（Cisco 2010年11月发布时还处于Draft阶段），不文就不讨论具体的协议原理和区别，仅关注Cisco设备上的配置思路和步骤等。

与此相关的RFC文档主要有：

Framework for IPv4/IPv6 Translation：
RFC 6144

IP/ICMP Translation Algorithm：
RFC 6145

DNS64: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers：
RFC 6147

IPv6 Addressing of IPv4/IPv6 Translators:
RFC 6052

基本组网图：

各接口的IP地址、前缀长度及NAT64 Prefix等如上图所示

DNS64服务器及其相关的配置不在本文中讨论，本文仅涉及Cisco设备中Stateless NAT64的部署与配置

基本配置步骤

2. 1. enable
3. 2. configure terminal
4. 3. ipv6 unicast-routing
5. 4. interface type number
6. 5. description string
7. 6. ipv6 enable
8. 7. ipv6 address {ipv6-address/prefix-length | prefix-name sub-bits/prefix-length}
9. 8. nat64 enable  //说明：在接口上使能Stateless NAT64转换
10. 9. exit
11. 10. interface type number
12. 11. description string
13. 12. ip address ip-address mask
14. 13. nat64 enable  //说明：在接口上使能Stateless NAT64转换
15. 14. exit
16. 15. nat64 prefix stateless ipv6-prefix/length  //说明：配置Stateless NAT64转换中使用的Prefix及prefix length
17. 16. nat64 route ipv4-prefix/mask interface-name number    //说明：将该IPv4网段的路由转发至IPv6接口做Stateless NAT64转换
18. 17. end

复制代码 配置过程Example：

1. Router> enable
2. Router# configure terminal
3. Router(config)# ipv6 unicast-routing
4. Router(config)# interface giabitethernet0/0/0
5. Router(config-if)# description interface  towards ipv4 side
6. Router(config-if)# ipv6 enable
7. Router(config-if)# ipv6 address 2001:db8::1/64
8. Router(config-if)# nat64 enable
9. Router(config-if)# exit
10. Router(config)# interface giabitethernet0/0/1
11. Router(config-if)# description interface towards ipv6 side
12. Router(config-if)# ip address 192.0.2.1  255.255.255.0
13. Router(config-if)# nat64 enable
14. Router(config-if)# exit
15. Router(config)# nat64 prefix stateless  2001:db8:1:1::/96
16. Router(config)# nat64 route 192.0.2.0/24  gigabitethernet0/0/0
17. Router(config)# end

复制代码 Stateless NAT64相关的完整配置如下:

1. ipv6 unicast-routing
2. !
3. interface GigabitEthernet0/0/0
4. description interface towards ipv6 side
5. ipv6 address 2001:db8::1/64
6. ipv6 enable
7. nat64 enable
8. !
9. interface GigabitEthernet0/0/1
10. description interface towards ipv4 side
11. ip address 192.0.2.1  255.255.255.0
12. nat64 enable
13. !
14. nat64 prefix stateless 2001:db8:1:1:/96
15. nat64 route 192.0.2.0/24 GigabitEthernet0/0/0

复制代码 Stateless  NAT64相关的其它命令：

1. Step 1 show nat64 statistics
2. Step 2 show ipv6 route
3. Step 3 show ip route
4. Step 4 debug nat64 {all | ha {all | info | trace | warn} | id-manager | info | issu {all | message | trace} |
5. memory | statistics | trace | warn}
6. Step 5 ping [protocol [tag]] {host-name | system-address}

复制代码

1. Router# show nat64 statistics
2. NAT64 Statistics
3. Global Stats:
4. Packets translated (IPv4 -> IPv6): 21
5. Packets translated (IPv6 -> IPv4): 15
6. GigabitEthernet0/0/0 (IPv4 configured, IPv6 configured):
7. Packets translated (IPv4 -> IPv6): 0
8. Packets translated (IPv6 -> IPv4): 5
9. Packets dropped: 0
10. GigabitEthernet0/0/1 (IPv4 configured, IPv6 configured):
11. Packets translated (IPv4 -> IPv6): 5
12. Packets translated (IPv6 -> IPv4): 0
13. Packets dropped: 0

复制代码