Scenario:
You are working for a large international mining company and responsible for the migration strategy towards IPv6. The ISP has run out of IPv4 addresses and can only supply you with fresh new IPv6 addresses. In order to connect the new “Gold” and “Silver” sites you will need to perform NAT-PT…start digging!
Goal:
- All IPv4 and IPv6 addresses have been preconfigured for you.
- All routers have a default route towards router NATPT.
- Configure NAT-PT and make sure router Platinum is reachable as 2001::C0A8:7B01.
- Configure NAT-PT and make sure router Bronze is reachable as 2001::C0A8:7B02.
- Configure NAT-PT and make sure router Gold is reachable as 192.168.123.4.
- Configure NAT-PT and make sure router Silver is reachable as 192.168.123.5.
- Your configuration is correct when you have full connectivity.
It took me 1000s of hours reading books and doing labs, making mistakes over and over again until I mastered all the routing protocols for CCNP.
Would you like to be a master of routing too? In a short time without having to read 900 page books or google the answers to your questions and browsing through forums?
I collected all my knowledge and created a single ebook for you that has everything you need to know to become a master of routing.
You will learn all the secrets about IPv6, NAT-PT and more.
Does this sound interesting to you? Take a look here and let me show you how to Master CCNP ROUTE
IOS:
c3725-adventerprisek9-mz.124-15.T7.bin
Topology:
Video Solution:
Configuration Files
You need to register to download the GNS3 topology file. (Registration is free!)Once you are logged in you will find the configuration files right here.
The How to Master series helps you to understand complex topics like spanning-tree, VLANs, trunks, OSPF, EIGRP, BGP and more.
Written by René Molenaar - CCIE #41726
Anybody please share the video config if any body have.
When I do a ping to the other end the result looks like this:
Platinum # ping 192.168.45.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.45.4, timeout is 2 seconds:
!.!.!
Success rate is 60 percent (3 / 5), round-trip min / avg / max = 64/85/108 ms
# Platinum
Gold # ping 2001:12:: C0A8: 7B01
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:12:: C0A8: 7B01, timeout is 2 seconds:
!.!.!
Success rate is 60 percent (3 / 5), round-trip min / avg / max = 60/73/92 ms
Gold #
Why?
To be honest I had the same problem with some of my NAT-PT configs even though the configuration is OK. I tried to look for the answer but couldn’t find it.
If anyone else knows, i’d be delighted to hear it.
Keep in mind NAT-PT is history as per RFC 4966.
sorry to find a error … but the .net file is referring to 3725 image not 3640 as on web-page .
I only got packet loss when the eui-64 and global IPv6 addresses were in place at the same time, the .zip has eui-64 on the interfaces.
Hi Oliver,
What do you exactly mean? You had 2 IPv6 addresses on the interface or use global addresses with EUI-64?
Don’t be sorry for reporting an error, i’m happy you let me know ;D
Rene
NAT-PT does not work with CEF switching, try didable CEF and you should ping with 100%. This this why NAT-PT is historic per RFC4966.
Thanks
Maz Mohamed
Harris Corp
Hi Maz,
Thanks I didn’t know CEF was the problem. Even though NAT-PT is historic it’s still a CCIE R&S topic ;D
Hello Rene,
Still some users use NAT-PT unforunetly like me, however IETF says its historic, Cisco on ther hand I believe not recommending NAT-PT per one of the decumentaion I came across. NAT64 is the replacement, however it’s supported in ASR1000. In may case I have C3800 so I stuck with NAT-PT, and from scalability point of view I’m seeing a numbers of issues, one of them is CEF. What I recomended my customer is to disable fast switching/CEF under interface bases by no ip route-cache command, as I have about only 7 v6 users connected to this router and all 64k bandwidth so not a big deal to disable CEF under those connected interface with low BW. Other issue I had, please check “Multiple IPv6 to connect to single IPv4 server”, under Cisco support community discussions.
Thanks
Maz
Hi Maz,
Thanks for sharing this I didn’t know that. I only know about NAT-PT since its a CCIE topic but never tried it on a production network. Are you working often with IPv6? Maybe you have some nice ideas for lab scenarios I can build ;D
Rene
Hi Rene
Yup, currently working on v6 to/from v4 using NAT-PT, MBGP etc.
Notes:
1) Check the ipv6 default route on Gold and Silver, mine were incorrect (suspect this may be due to eui-64 on local setup – Rene, maybe these addresses should be fully specified?).
2) Addresses on GNS3 topology don’t match web page and video, be careful if like me you have both screens open!
Sorry for that, it’s misleading 😉
Hi Rene,
I made an observation and i think the same thing happened to you on the video you posted.
I realized that when you try to ping from the ipv4 side first, you will never get a reply. You have to initiate a ping from the ipv6 side first, the the natpt router populates it’s nat table with some dynamic entries. Only then, you’ll be able to ping from the ipv4 side.
To prove it, i did the following:
I made sure i was able to ping all routers from both sides.
I cleared the nat table on the NATPT router with a clear ipv6 nat translation *
Again, the same scenario.
The final configurations are not working for me please help me any body have working gns lab please upload it and give me the link…
i need the configuration files, pleaaaaaaaaaaaase 🙂
I also had the issue where the default routes on both routers Gold and Silver were pointing to an ipv6 address which was not configured on NATPT’s f0/1 ingress interface for the ipv6 subnet. The default routes from the downloaded config file were pointing at 2001:A:B:C:C002:12FF:FE79:1. However, router NATPT’s f0/1 ipv6 address is configured to be derived using EUI-64 rules, which automatically populates the interface id part of the address by using the local mac address.
The problem with this is that the local mac addresses seem to randomly change with each fresh start of GNS3. Because of this the default route did not match the address on NATPT’s f0/1 interface, which was in my case 2001:A:B:C:C002:15FF:FE48:1.
By changing the default routes on routers Gold and Silver to match the ipv6 address configured on your specific instance of router NATPT’s f0/1 interface, you should be able to get this lab to function properly.
I found the same issue as Josh. Using EUI-64 will result in your GNS3 program using whatever MAC address you have on your virtual routers and since it’s likely that we all won’t be using the same IOS versions, our individual EUI-64 addresses will differ. Alter your lab scenarios based on your own ipv6 addresses that your IOS generates on the interfaces.
Eu fiz essa configuração no packet tracer 6.2, ele aceitou todas as configuraçoes, mas só que eu não consegui efutuar o ping dos roteadores que estavam configurados com IPv6 para os que estavam configurados para IPv4 e virce versa.