NE40E V800R010C00 Feature Description - NAT and IPv6 Transition 01

NAT64 ALG

NAT64 changes only the IP address and port number in a TCP/UDP packet header. Packets of some protocols such as ICMP and FTP carry IP addresses or port numbers in their payload. After NAT is performed, the IP address and port number in the TCP/UDP header are different from those in the payload, causing communication errors. For example, an FTP server using an internal IP address may be required to send its IP address to an external network host when communicating with that host. The internal IP address is encapsulated in the Data field of IP packets, which NAT64 cannot translate. The external network host then uses the internal IP address carried in the IP packet payload and finds that the FTP server is unreachable.

A good way to solve the NAT64 issue for these special protocols is to use the Application Level Gateway (ALG) function. As a special conversion agent for application protocols, the NAT64 ALG interacts with the NAT device to establish states. It uses NAT state information to change the specific data in the Data field of IP packets and complete other necessary work, so that application protocols can run across internal and external networks.

For example, when an error occurs in packet A which is sent from a host on a private network to a public network, an ICMP unreachable packet is returned. The ICMP packet carries the header of the error packet A. Because the address is translated by a NAT64 device before packet A is sent, the source address is not the actual address of the host. If ICMP ALG is enabled, the ALG interacts with the NAT64 device before the ICMP packet is forwarded. The ALG translates the address in the Data field of packet A to the actual address of the host and completes other necessary work, so the NAT64 device can send the ICMP packet to the host.

NAT64 supports ALG for ICMP, FTP, HTTP, and DNS.

NAT64 ALG for ICMP

NAT64 ALG translates the IP/ICMP packet header as well as the IP address and port number carried in the ICMP payload.

NAT64 ALG for FTP

  • The FTP server is deployed on the IPv4 network. IPv6 users send EPRT requests to access the FTP server. The NAT64 device needs to convert EPRT requests into PORT requests and translate the IPv6 addresses into IPv4 addresses. The NAT64 device delivers the Servermap table to the forwarding plane so that data traffic on the IPv4 network can be transmitted.
  • The FTP server is deployed on the IPv4 network. IPv6 users send EPSV requests to access the FTP server. The NAT64 device needs to convert EPSV requests into PASV requests and translate the IPv4 addresses of EPSV responses into IPv6 addresses.
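The two FTP rewrites described above, as an added Python example (not Huawei's implementation). The command and reply formats follow RFC 2428 and RFC 959; the `allocate` helper, the `SERVERMAP` dictionary, the documentation addresses and the check that the EPRT address matches the control-connection source are assumptions made for this sketch.

```python
import ipaddress
import re

SERVERMAP = {}  # constructed state: (IPv4 pool addr, port) -> (IPv6 host, port)

def allocate(v6_addr, v6_port, pool="192.0.2.1", first_port=1027):
    """Hypothetical allocator standing in for the NAT64 device's address pool."""
    key = (ipaddress.IPv4Address(pool), first_port + len(SERVERMAP))
    SERVERMAP[key] = (v6_addr, v6_port)
    return key

def eprt_to_port(line, ctrl_src):
    """Rewrite an IPv6 client's EPRT command (RFC 2428) as an IPv4 PORT command."""
    verb, _, arg = line.rstrip("\r\n").partition(" ")
    fields = arg.split("|")  # "|2|addr|port|" -> ['', '2', addr, port, '']
    if verb.upper() != "EPRT" or len(fields) != 5 or fields[1] != "2":
        raise ValueError("not an IPv6 EPRT command")
    addr, port = ipaddress.IPv6Address(fields[2]), int(fields[3])
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    # Added hardening check: only open a mapping back to the host that owns
    # the control connection, never to a third party named in the payload.
    if addr != ipaddress.IPv6Address(ctrl_src):
        raise ValueError("EPRT address differs from control-connection source")
    v4, v4_port = allocate(addr, port)
    return f"PORT {str(v4).replace('.', ',')},{v4_port >> 8},{v4_port & 0xFF}\r\n"

PASV_227 = re.compile(r"227 [^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")

def pasv_reply_to_epsv(line):
    """Rewrite the server's 227 reply as a 229 reply; return it with the IPv4 endpoint."""
    m = PASV_227.match(line)
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    nums = [int(n) for n in m.group(1).split(",")]
    if max(nums) > 255:
        raise ValueError("octet out of range")
    server = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    port = nums[4] * 256 + nums[5]
    return f"229 Entering Extended Passive Mode (|||{port}|)\r\n", (server, port)

if __name__ == "__main__":
    # Constructed control-channel lines using documentation addresses.
    print(eprt_to_port("EPRT |2|2001:db8::10|50000|\r\n", "2001:db8::10"))
    print(pasv_reply_to_epsv("227 Entering Passive Mode (198,51,100,7,195,80)\r\n"))
```

The rewritten lines differ in length from the originals, so a device doing this on a live TCP stream also has to adjust sequence and acknowledgement numbers on the control connection; that step is outside this sketch.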

NAT64 ALG for HTTP

The HTTP redirection function redirects a user from one URL to another URL. The following redirection modes are often used:
  • 301 Moved Permanently: indicates that requested resources are permanently available in the redirect-to URL. The new URI is carried in the Location header.
  • 302 Found: indicates that requested resources are temporarily available in the redirect-to URL. The redirect-to URL may change sometimes. The new URI is carried in the Location header.

The response contains the Location header field. The Location header field is used to complete the request or identify a new resource, so that receivers are redirected to the URI specified by the Location header field instead of the requested URI. If the URI in the Location header field contains an IPv4 address, the NAT64 device needs to convert the IPv4 address into an IPv6 address.

NAT64 ALG for DNS

If a network has only a DNS4 server deployed, NAT64 ALG is required to obtain IPv4 addresses. Figure 6-2 shows the networking and data traffic paths.

Figure 6-2  NAT64 DNS ALG networking
  1. An IPv6 terminal sends a DNS AAAA record query request packet to the IPv4 network.
  2. After the query request reaches the DNS ALG of the NAT64 device, the DNS ALG converts the AAAA record query into an A record query and sends it to the DNS4 server on the IPv4 network.
  3. The DNS4 server on the IPv4 network completes domain name resolution and returns a resolution result. In this case, the DNS4 server obtains the IPv4 address that maps to the domain name.
  4. When the resolution result reaches the DNS ALG of the NAT64 device, the DNS ALG converts the A record response into an AAAA record response, converts the IPv4 address into an IPv6 address, and saves the mapping locally. The obtained IPv4 address is mapped to the IPv6 address by the DNS ALG.
  5. The IPv6 terminal can access the IPv4 address after receiving the resolution result for the IPv4 destination address from the NAT64 device.
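The IPv4-to-IPv6 address conversion used by both the HTTP Location rewrite and step 4 of the DNS procedure, as an added Python example (not Huawei's implementation). The page does not say how the IPv6 address is derived; this sketch assumes RFC 6052 embedding under the well-known prefix 64:ff9b::/96, and the function names, host name and addresses are constructed for illustration.

```python
import ipaddress
import re

# Assumption: RFC 6052 well-known prefix; a deployment may configure its own /96.
NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")

def embed(v4, prefix=NAT64_PREFIX):
    """Place the 32-bit IPv4 address in the low 32 bits of a /96 prefix."""
    if prefix.prefixlen != 96:
        raise ValueError("this sketch handles /96 prefixes only")
    return ipaddress.IPv6Address(
        int(prefix.network_address) | int(ipaddress.IPv4Address(v4)))

def extract(v6, prefix=NAT64_PREFIX):
    """Recover the IPv4 address; refuse addresses outside the NAT64 prefix."""
    v6 = ipaddress.IPv6Address(v6)
    if v6 not in prefix:
        raise ValueError("address is not inside the NAT64 prefix")
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)

def dns_a_to_aaaa(name, a_records, mapping):
    """DNS step 4: answer with AAAA records and save each mapping locally."""
    answers = []
    for v4 in a_records:
        v6 = embed(v4)
        mapping[v6] = ipaddress.IPv4Address(v4)
        answers.append((name, "AAAA", str(v6)))
    return answers

# IPv4 literal as the URI host, followed by port, path, query, fragment or end.
_LOCATION = re.compile(
    r"^(Location:\s*https?://)(\d{1,3}(?:\.\d{1,3}){3})(?=[:/?#]|$)", re.I)

def rewrite_location(header):
    """HTTP ALG: replace an IPv4 literal in a Location header with [IPv6]."""
    m = _LOCATION.match(header)
    if not m:
        return header  # host names and non-Location headers pass through
    try:
        v6 = embed(m.group(2))
    except ValueError:
        return header  # digits that are not a valid IPv4 address
    return f"{m.group(1)}[{v6}]{header[m.end():]}"

if __name__ == "__main__":
    table = {}  # constructed local mapping table
    print(dns_a_to_aaaa("www.example.com", ["192.0.2.33"], table))
    print(rewrite_location("Location: http://192.0.2.33:8080/new/index.html"))
```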
Updated: 2018-07-04

Document ID: EDOC1100027155
