src/plugins/nat/nat64/nat64_doc.rst - fdio/vpp - Gitiles

 Stateful NAT64
 ==============

 This document describes stateful NAT64 Network Address and Protocol
 Translation

 Introduction
 ------------

 Stateful NAT64 in VPP allows IPv6-only clients to contact IPv4 servers
 using unicast UDP, TCP, or ICMP based on RFC 6146.

 Configuration
 -------------

 Enable/disable NAT64 feature on the interface
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    set interface nat64 in|out [del]

 in: inside/local/IPv6 network out: outside/external/IPv4 network intfc:
 interface name

 Add/delete NAT64 pool address
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 One or more public IPv4 addresses assigned to a NAT64 are shared among
 several IPv6-only clients.

    nat64 add pool address [- ] [tenant-vrf ] [del]

 ip4-range-start: First IPv4 address of the range ip4-range-end: Last
 IPv4 address of the range (optional, not used for single address)
 tenant-vrf-id: VRF id of the tenant associated with the pool address
 (optional, if not set pool address is global)

 Add/delete static BIB entry
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Stateful NAT64 also supports IPv4-initiated communications to a subset
 of the IPv6 hosts through statically configured bindings.

    nat64 add static bib tcp|udp|icmp [vfr ] [del]

 ip6-addr: inside IPv6 address of the host in-port: inside port or ICMPv6
 identifier ip4-addr: outside IPv4 address of the host out-port: outside
 port or ICMPv4 identifier table-id: VRF id of the tenant associated with
 the BIB entry (optional, default use global VRF)

 Set NAT64 session timeouts
 ~~~~~~~~~~~~~~~~~~~~~~~~~~

 Session is deleted when timer expires. If all sessions corresponding to
 a dynamically create BIB entry are deleted, then the BIB entry is also
 deleted. When packets are flowing session timer is refreshed to keep the
 session alive.

    set nat64 timeouts udp icmp tcp-trans tcp-est tcp-incoming-syn \|
    reset

 udp: UDP session timeout value (default 300sec) icmp: ICMP session
 timeout value (default 60sec) tcp-trans: transitory TCP session timeout
 value (default 240sec) tcp-est: established TCP session timeout value
 (default 7440sec) tcp-incoming-syn: incoming SYN TCP session timeout
 value (default 6sec) reset: reset timers to default values

 Set NAT64 prefix
 ~~~~~~~~~~~~~~~~

 Stateful NAT64 support the algorithm for generating IPv6 representations
 of IPv4 addresses defined in RFC 6052. If no prefix is configured,
 Well-Known Prefix (64:ff9b::/96) is used.

    nat64 add prefix / [tenant-vrf ] [del]

 ip6-prefix: IPv6 prefix plen: prefix length (valid values: 32, 40, 48,
 56, 64, or 96) tenant-vrf: VRF id of the tenant associated with the
 prefix

 Show commands
 ~~~~~~~~~~~~~

    show nat64 pool show nat64 interfaces show nat64 bib tcp|udp|icmp
    show nat64 session table tcp|udp|icmp show nat64 timeouts show nat64
    prefix

 Notes
 -----

 Multi thread is not supported yet (CLI/API commands are disabled when
 VPP runs with multiple threads).
	Stateful NAT64
	==============

	This document describes stateful NAT64 Network Address and Protocol
	Translation

	Introduction
	------------

	Stateful NAT64 in VPP allows IPv6-only clients to contact IPv4 servers
	using unicast UDP, TCP, or ICMP based on RFC 6146.

	Configuration
	-------------

	Enable/disable NAT64 feature on the interface
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	set interface nat64 in\|out [del]

	in: inside/local/IPv6 network out: outside/external/IPv4 network intfc:
	interface name

	Add/delete NAT64 pool address
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	One or more public IPv4 addresses assigned to a NAT64 are shared among
	several IPv6-only clients.

	nat64 add pool address [- ] [tenant-vrf ] [del]

	ip4-range-start: First IPv4 address of the range ip4-range-end: Last
	IPv4 address of the range (optional, not used for single address)
	tenant-vrf-id: VRF id of the tenant associated with the pool address
	(optional, if not set pool address is global)

	Add/delete static BIB entry
	~~~~~~~~~~~~~~~~~~~~~~~~~~~

	Stateful NAT64 also supports IPv4-initiated communications to a subset
	of the IPv6 hosts through statically configured bindings.

	nat64 add static bib tcp\|udp\|icmp [vfr ] [del]

	ip6-addr: inside IPv6 address of the host in-port: inside port or ICMPv6
	identifier ip4-addr: outside IPv4 address of the host out-port: outside
	port or ICMPv4 identifier table-id: VRF id of the tenant associated with
	the BIB entry (optional, default use global VRF)

	Set NAT64 session timeouts
	~~~~~~~~~~~~~~~~~~~~~~~~~~

	Session is deleted when timer expires. If all sessions corresponding to
	a dynamically create BIB entry are deleted, then the BIB entry is also
	deleted. When packets are flowing session timer is refreshed to keep the
	session alive.

	set nat64 timeouts udp icmp tcp-trans tcp-est tcp-incoming-syn \\|
	reset

	udp: UDP session timeout value (default 300sec) icmp: ICMP session
	timeout value (default 60sec) tcp-trans: transitory TCP session timeout
	value (default 240sec) tcp-est: established TCP session timeout value
	(default 7440sec) tcp-incoming-syn: incoming SYN TCP session timeout
	value (default 6sec) reset: reset timers to default values

	Set NAT64 prefix
	~~~~~~~~~~~~~~~~

	Stateful NAT64 support the algorithm for generating IPv6 representations
	of IPv4 addresses defined in RFC 6052. If no prefix is configured,
	Well-Known Prefix (64:ff9b::/96) is used.

	nat64 add prefix / [tenant-vrf ] [del]

	ip6-prefix: IPv6 prefix plen: prefix length (valid values: 32, 40, 48,
	56, 64, or 96) tenant-vrf: VRF id of the tenant associated with the
	prefix

	Show commands
	~~~~~~~~~~~~~

	show nat64 pool show nat64 interfaces show nat64 bib tcp\|udp\|icmp
	show nat64 session table tcp\|udp\|icmp show nat64 timeouts show nat64
	prefix

	Notes
	-----

	Multi thread is not supported yet (CLI/API commands are disabled when
	VPP runs with multiple threads).