[6bone] Cisco, NAT-PT : establish connection from IPv6 to IPv 4

Joćo Carlos Neves Cabral joao.cabral@vodafone.com
Thu, 5 Jun 2003 17:17:41 +0100 

Hi,

You configure an IPv4 pool for your IPv6 addresses to be translated into.

You need one v4 address per NAT-PT session/V6 client (until overload is 
supported).

Any traffic that you originate from your v6 client to a v4 address will
reach its destination Nated. The problem is when the reply reaches the
NAT-PT router. The router doesn't know which IPv6 address it should map the
v4 reply source address into. 

AFAIK, there are two ways to overcome this:

1) MAP each individual v4 address you want to access, to a v6 address with
v4v6 

2) Force the use of DNS-ALG:

	On V6 client configure v6 DNS server with an v4 mapped address. 
	
	I.E. 

V6 client <-> DNS is PREFIX::v4 <-NAT-PT-> V4 network <-> v4 DNS server

And map statically with v6v4 the v4 DNS server address into a v6 address
from the prefix. 

This will make the v6 DNS request reach the v4 DNS server after being nated.
The v4 reply is then back nated into v6 because you configure static
translation for this address. And becase the router sees the DNS request
passing trough it, also intercepts it and:

	a) Opens a NAT mapping for the v4 address you queried
	b) Converts the v4 DNS reply into V6 AAAA format to send back to you

And then you can access any v4 site as long as you use its DNS name and use
the DNS-ALG scheme above.

You could also try to use a V6 only DNS server (i.e. not require the v6v4
NAT DNS server) but I don't know if this will activate DNS-ALG. Perhaps it
might do. This would be 3) i.e. DNS-ALG with a native DNS server.

Aparently there's a 4) which is, if your first packet comes from the v4
world then the required maping is kept on the table as you describe in your
email.

AFAIK there isn't another way. If you discover one please let me know as I'd
also be interested in knowing how to do it. 

It's a shame the router can't simply map any V4 packet sources to v6 sources
on a given prefix but I suppose this would break all incoming v4 packets and
hence, routing protocols, tunnels, 6PE or whatever you wanted to use there
(v4 wise).

Hope this helps,
Regards,
Joao.







-----Original Message-----
From: Jerome Wenzel [mailto:jwenzel@netline.lu] 
Sent: 05 June 2003 15:46
To: 6bone@mailman.isi.edu
Subject: [6bone] Cisco, NAT-PT : establish connection from IPv6 to IPv4

Hello,

I'm testing NAT-PT on a 7200 Cisco router, and I would like to establish
connection between the IPv6 and the IPv4 networks.

I've mapped the IPv6 address of my PC, which is on an IPv6 only network,
to an IPv4 address. So, my IPv6 PC is accessible by any IPv4 PC.
If I ping it, I can see the encapsulation of the packet coming from the
IPv4 PC, it's like PREFIX::IPv4_address_in_hexadecimal_form. The
translation table of the router is updated. Then, the IPv6 PC can ping
the IPv4 PC, because of this update.

But now I want to ping another IPv4 PC, so I type : ping6
PREFIX::another_IPv4_address. The router receives IPv6 packets, but drop
them (I saw this with debug ipv6 packet). On the url join below, it
seems to be normal, because translation doesn't exists for the incoming
packet.

How can I process to access any IPv4 adress ? I must create a mapping ?
It doesn't seem to be practical.
Why from IPv6 to IPv4 isn't the IPv6 header (like PREFIX::IPv4_address)
automatically translated to an IPv4 header, as it is done from IPv4 to
IPv6 ?

Thanks.

This the url where I've found some informations :

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_data_she
et09186a008011ff51.html

...

5 NAT-PT translations and Application Level Gateway
5.1 IP header translation
5.1.1 From IPv6 to IPv4
The Protocol Translator translates the IPv6 header to an IPv4 header
under the following conditions:

IPv6 packet is received with an IPv4-mapped IPv6 address (i.e.
pre-configured /96 prefix) 
Translation exists for the incoming packet 

...

5.1.2 From IPv4 to IPv6
When NAT-PT receives a packet addressed to a destination that lies
outside of the attached IPv4 realm, the IPv4 header is translated to an
IPv6 header.

...
_______________________________________________
6bone mailing list
6bone@mailman.isi.edu
http://mailman.isi.edu/mailman/listinfo/6bone