Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

IP Addressing: NAT Configuration Guide, Cisco IOS XE 17

Book Contents
Find Matches in This Book
Available Languages
Download Options

Book Title

IP Addressing: NAT Configuration Guide, Cisco IOS XE 17

Chapter Title

NPTv6 Support

Results

Updated:
March 29, 2021

Chapter: NPTv6 Support

NPTv6 Support

The NPTv6 feature supports IPv6-to-IPv6 Network Prefix Translation (NPTv6) which enables a router to translate an IPv6 packet header to IPv6 packet header and vice versa. The IPv6-to-IPv6 Network Prefix Translation (NPTv6) provides a mechanism to translate an inside IPv6 source address prefix to outside IPv6 source address prefix in IPv6 packet header and vice-versa. A router that implements an NPTv6 prefix translation function is referred to as an NPTv6 Translator.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/. An account on Cisco.com is not required.

Information About NPTv6 support

The IPv6-to-IPv6 Network Prefix Translation (NPTv6) serves as a useful mechanism for implementing address independence in an IPv6 environment. A major benefit associated with NPTv6 is the fact that it avoids the requirement for an NPTv6 Translator to rewrite the transport layer headers which reduces the load on network devices. NPTv6 also does not interfere with encryption of the full IP payload.

The NPTv6 support allows for greater reliability as it provides support for load balancing and achieves the translation without breaking the end-to-end reachability at the network layer.

The following sections provide details about NPTv6 support:

Benefits of Using NPTv6 support

The NPTv6 support allows you to redirect or forward packets from one network to another in an IPV6 environment. The NPTv6 support on is an algorithmic translation function which provides a 1:1 relationship between the addresses within the inside and outside network. When NTPv6 is used, you can interconnect different networks and support multihoming, load balancing, peer-to-peer networking. The NPTv6 does not create any state in the date plane and hence can operate using minimal memory and also supports high availability by default.

The NPTv6 supports prefix longer than 64 bits and also supports static IPv6 host to host translations. You can configure IPv4 and IPv6 translations on the same interface using NPTv6 support and scaling is supported. The NPTv6 feature also supports Packet tracing and conditional debugging.

Restrictions for NPTv6 support

  • Multicast is not supported.

  • Firewall is not supported.

  • High Speed Logging (HSL) and syslog is not supported..

IPv6 Prefix Format

The NPTv6 support uses IPv6 prefix format for translation. The first 48 bits of the Ipv6 address represents the IPv6 prefix. The NPTv6 Translator is used to translate the address prefixes. The translation function first ensures that the internal and external prefixes are of the same length and if not, extends the shorter of the two with zeroes.

NPTv6 Translation Inside to Outside Network

In NPTv6 a datagram is allowed to pass through the NPTv6 Translator from an internal to an external network. When the pass is from an internal to external network, the internal prefix is overwritten with the external prefix and the header checksum is generated.

NPTv6 Translation Outside to Inside Network

In NPTv6, when a datagram passes from an external network to an internal network through an NPTv6 Translator, the external prefix is overwritten with the internal prefix and the header checksum is generated.

Configuring NPTv6

You can configure the inside and outside prefix for NPTv6 translation.

To configure NPTv6 support : 
enable
 configure terminal
   interface GigabitEthernet0/0/0
    nat66 inside
   interface GigabitEthernet0/0/1
    nat66 outside
   nat66 prefixinside 2002:AB01::/64outside 2002:AB02::/64
   end

Verifying NPTv6 Configuration

Use the show nat66 prefix command to verify the stateless NAT66 prefix configuration: 
Device# show nat66 prefix
Prefixes configured: 1
NAT66 Prefixes
Id: 1 Inside 2002:AB01::/64 Outside 2002:AB02::/64
Use the show nat66 statistics command to verify the NAT66 interface and global configuration: 
Device# show nat66 statistics 
NAT66 Statistics

Global Stats:
   Packets translated (In -> Out)
      : 7
   Packets translated (Out -> In)
      : 7
Use the show platform hardware qfp active feature nat66 datapath basecfg command to verify the global stateless NPTv6 prefix in the data plane along with other base configuration information: 
Device# show platform hardware qfp active feature nat66 datapath basecfg
nat66 cfg_flags 0x00000001, dbg_flags 0x00000000
nat66_prefix_hash_table_entries 2048, nat66_prefix_hash_table 0x89628400
prefix hasht 0x89628400 max 2048 chunk 0x8c392bb0 hash_salt 719885386
Use the show platform hardware qfp active feature nat66 datapath prefix command to verify the passed interfaces stateless NPTv6 prefix configuration: 
Device# show platform hardware qfp active feature nat66 datapath prefix
prefix hasht 0x89628400 max 2048 chunk 0x8c392bb0 hash_salt 719885386
NAT66 hash[1] id(1) len(64) vrf(0) in: 2002:ab01:0000:0000:0000:0000:0000:0000 out: 2002:ab02:0000:0000:0000:0000:0000:0000 in2out: 7 out2in: 7
Use the show platform hardware qfp active feature nat66 datapath statistics to verify the global NPTv6 statistics. 
Device# show platform hardware qfp act feat nat66 data statistics 
in2out xlated pkts 7
out2in xlated pkts 7
NAT66_DROP_SC_INVALID_PKT 0
NAT66_DROP_SC_BAD_DGLEN 0
NAT66_DROP_SC_PLU_FAIL 22786
NAT66_DROP_SC_PROCESS_V6_ERR 0
NAT66_DROP_SC_INVALID_EMBEDDED 0
NAT66_DROP_SC_SRC_RT 0
NAT66_DROP_SC_NOT_ENABLED 0
NAT66_DROP_SC_NO_GPM 0
NAT66_DROP_SC_LOOP 0
in2out_pkts 22768 out2in_pkts 22793
in2out_pkts_untrans 22761 out2in_pkts_untrans 22786
in2out_lookup_pass 7 out2in_lookup_pass 7
in2out_lookup_fail 0 out2in_lookup_fail 22786
mem_alloc_fail 0 prefix_fail 0
total prefix count 1

Troubleshooting Tips

You must make sure that the inside and outside interfaces are configured.

Use the following debug commands if you have any configuration issues:

  • debug platform hardware qfp active feature nat66 datapath detailed - Provides detailed debugging information about the data plane layer.

  • debug platform hardware qfp active feature nat66 datapath all - Displays debugging information about the data plane layer.

  • debug platform condtion feature nat66 datapath submode detailed - Provides data plane layer debugging information using buginf_cond. ACL filter can be supplied via the debug condition infrastructure.

Use Cases for NPTv6 support

Single Inside and Outside Network

You can use an NPTv6 Translator to interconnect two network links, one which is an internal network linked to a leaf network which is within a single administrative domain and the other which is external network with connectivity to a global network like the Internet. All hosts on the internal network use addresses from a single prefix which is routed locally. The addresses will be translated to and from the addresses in a globally routable prefix when the IP datagrams transit the NPTv6 Translator. The lengths of these two prefixes will be functionally the same and if the prefix lengths are different, the longer of the two prefixes limits the ability to use subnets in the shorter prefix.

The figure below illustrates NPTv6 deployment having a single inside and outside network.

Figure 1. NPTv6 using Single Inside and Outside Network


Redundancy and Load Sharing

When more than one NPTv6 Translator is attached to a network, the NPTv6 Translators are configured with the same internal and external prefixes. Since the translation is algorithmic, even though there are multiple translators, they map only one external address to the internal address.

The figure below illustrates NPTv6 deployment in redundancy and load-sharing network.

Figure 2. NPTv6 in Redundancy and Loadsharing Network


Multihoming

In a multihomed network the NPTv6 Translators are attached to an internal network, but are connected to different external networks. The NPTv6 Translators are configured with the same internal prefix but different external prefixes. Since there are multiple translations, the NPTv6 Translator maps multiple external addresses to the common internal address.

The figure below illustrates NPTv6 deployment in multihoming network.

Figure 3. NPTv6 in Multihoming Network


Additional References for NPTv6 support

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Command List, All Releases

IP Addressing Services commands

Cisco IOS IP Addressing Services Command Reference

Standards and RFCs

Standard/RFC

Title

RFC 6296

IPv6-to-IPv6 Network Prefix Translation

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

Related Cisco Community Discussions

About Us
Contact Us
Work with Us