IPv6和IPv4互通实验 nat
IP IPv6 NAT-PT 动态映射实验
有三台路由器分别为R1,R2,R3,拓扑如上图.
R1配置:
int f0/0
no sh
int f0/0.12
en do 12
ip add 12.1.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 12.1.1.2
R3配置:
ipv6 unicast-routing
int f0/0
no sh
int f0/0.23
en do 23
ipv6 address 2023::3/64
ipv6 route ::/0 2023::2
R2配置:
ipv6 unicast-routing
int f0/0
no sh
int f0/0.12
en do 12
ip add 12.1.1.2 255.255.255.0
ipv6 nat
int f0/0.23
en do 23
ipv6 address 2023::2/64
ipv6 nat
ipv6 access-list V4MAP permit 2000::/48 any
ipv6 access-list V6LIST permit 2000::/48 any
ipv6 nat prefix 2001::/96 v4-mapped V4MAP
ipv6 nat v6v4 pool v4pool 12.1.1.1 12.1.1.254 prefix-length 24
ipv6 nat v6v4 source list V6LIST pool v4pool
配置完成.
调试:
R2#debug ipv6 nat
因为是NAT-PT动态映射,所以只能从v6端发起访问,因为在一开始并没有v6端的主机使用了地址池中的地址,
地址池的ipv4地址没有与任何v6端的主机的ipv6地址进行映射,因此v4端在相应映射未建立的情况下是无
法ping通地址池里对应的地址.而v4端的ipv6地址是通过:96位的前缀加上自己的ipv4地址(32位)合并而成,
一共是128位.所以我们想从R3pingR1的话就需要使用v6地址2001::1017:1f02(就是2001::16.23.32.2).
R3#ping 2001::1017:1f02
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::1017:1F02, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/116/252 ms
此时的R2出现的调试信息:
*Mar 1 00:15:21.387: IPv6 NAT: icmp src (2000:B00::2) -> (16.23.32.10), dst (2001::1017:1F02) -> (16.23.31.2)
*Mar 1 00:15:21.451: IPv6 NAT: src (16.23.31.2) -> (2001::1017:1F02), dst (16.23.32.10) -> (2000:B00::2)
*Mar 1 00:15:21.531: IPv6 NAT: icmp src (2000:B00::2) -> (16.23.32.10), dst (2001::1017:1F02) -> (16.23.31.2)
*Mar 1 00:15:21.611: IPv6 NAT: src (16.23.31.2) -> (2001::1017:1F02), dst (16.23.32.10) -> (2000:B00::2)
*Mar 1 00:15:21.639: IPv6 NAT: icmp src (2000:B00::2) -> (16.23.32.10), dst (2001::1017:1F02) -> (16.23.31.2)
*Mar 1 00:15:21.667: IPv6 NAT: src (16.23.31.2) -> (2001::1017:1F02), dst (16.23.32.10) -> (2000:B00::2)
*Mar 1 00:15:21.699: IPv6 NAT: icmp src (2000:B00::2) -> (16.23.32.10), dst (2001::1017:1F02) -> (16.23.31.2)
*Mar 1 00:15:21.731: IPv6 NAT: src (16.23.31.2) -> (2001::1017:1F02), dst (16.23.32.10) -> (2000:B00::2)
*Mar 1 00:15:21.755: IPv6 NAT: icmp src (2000:B00::2) -> (16.23.32.10), dst (2001::1017:1F02) -> (16.23.31.2)
*Mar 1 00:15:21.791: IPv6 NAT: src (16.23.31.2) -> (2001::1017:1F02), dst (16.23.32.10) -> (2000:B00::2)
可以看到icmp src (2000:B00::2) -> (16.23.32.10), dst (2001::1017:1F02) -> (16.23.31.2)来自R3的icmp包被转
换了,此时R3使用的v4地址为16.23.32.10
现在在R1处ping这个地址16.23.32.10:
R1#ping 16.23.32.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 16.23.32.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 128/152/204 ms
成功ping通.
此时的R2出现的调试信息:
*Mar 1 00:20:01.823: IPv6 NAT: icmp src (16.23.31.2) -> (2001::1017:1F02), dst (16.23.32.10) -> (2000:B00::2)
*Mar 1 00:20:01.967: IPv6 NAT: icmp src (2000:B00::2) -> (16.23.32.10), dst (2001::1017:1F02) -> (16.23.31.2)
*Mar 1 00:20:02.007: IPv6 NAT: src (16.23.31.2) -> (2001::1017:1F02), dst (16.23.32.10) -> (2000:B00::2)
*Mar 1 00:20:02.099: IPv6 NAT: icmp src (2000:B00::2) -> (16.23.32.10), dst (2001::1017:1F02) -> (16.23.31.2)
*Mar 1 00:20:02.135: IPv6 NAT: src (16.23.31.2) -> (2001::1017:1F02), dst (16.23.32.10) -> (2000:B00::2)
*Mar 1 00:20:02.211: IPv6 NAT: icmp src (2000:B00::2) -> (16.23.32.10), dst (2001::1017:1F02) -> (16.23.31.2)
*Mar 1 00:20:02.327: IPv6 NAT: src (16.23.31.2) -> (2001::1017:1F02), dst (16.23.32.10) -> (2000:B00::2)
*Mar 1 00:20:02.407: IPv6 NAT: icmp src (2000:B00::2) -> (16.23.32.10), dst (2001::1017:1F02) -> (16.23.31.2)
*Mar 1 00:20:02.463: IPv6 NAT: src (16.23.31.2) -> (2001::1017:1F02), dst (16.23.32.10) -> (2000:B00::2)
*Mar 1 00:20:02.535: IPv6 NAT: icmp src (2000:B00::2) -> (16.23.32.10), dst (2001::1017:1F02) -> (16.23.31.2)