Configuring Centralized MAP-T
Centralized Scenario
In a centralized scenario, the MAP-BR and BRAS reside on different devices. The BRAS functions as a DHCPv6 server to deliver MAP addresses and mapping rules to MAP-CEs in DHCPv6 IA_PD mode. Router A functioning as the MAP-BR resides on the edge of a MAP domain and accesses the public IPv4 network through the IPv6 network that is within the MAP domain. The MAP-CEs use each other's public IPv4 address to communicate through the MAP-BR.
Configuration Roadmap
In the centralized scenario, MAP-T must be configured on the BRAS and MAP-BR.
- Configuring a BRAS
- Configuring a MAP-BR
- Configuring a BMR
- Configuring a DMR
- Binding a DMR to a MAP-T Instance
- Binding a BMR to a MAP-T Instance
- (Optional) Configuring a Device to Preferentially Assign MAP-T Prefixes to Users
- (Optional) Configuring MAP Translation for ICMP/ICMPv6 Error Packets
- (Optional) Setting an MSS Value for MAP-T Services
- (Optional) Setting an MTU for IPv6 Packets
- (Optional) Setting the Traffic Class of IPv6 Packets
- (Optional) Setting an IPv4 ToS Value
- (Optional) Clearing the DF Field in IPv4 Packets
- Verifying the MAP-T Configuration
Configuring a BRAS
Configuring a BMR
This section describes how to configure a basic mapping rule (BMR). Configure BMR rules on the BRAS to instruct the BRAS to assign IPv6 and IPv4 addresses to MAP-CEs.
Context
BMR parameters are configured using multiple commands in an instance. In addition to the IPv4 prefix and length of a MAP domain, the IPv6 prefix and length, and EA length, PSID offset can also be configured. The PSID offset can be used to reserve ports for public IP addresses.
Procedure
- Run system-view
The system view is displayed.
- Run map rule rule-name
The MAP rule view is displayed.
- Run rule-prefix ipv6–prefix prefix-length v6prefix-length ipv4–prefix ipv4–prefix prefix-length v4prefix-length [ vpn-instance vpn-instance-name ] ea-length ea-length [ psid-offset offset-length ]
The device is enabled to verify and encapsulate MAP packets.
A unique IPv6 address must be set in each BMR. The IPv6 addresses of BMRs cannot be identical. - Run commit
The configuration is committed.
Configuring a DMR
A default mapping rule (DMR) can be created. A MAP-CE encapsulates an IPv6 prefix defined in the DMR into packets and directs the packets to a service boards. The service boards convert the packets in a MAP-T instance to which the DMR is bound.
Configuring an IPv6 Delegation Prefix Pool
In a MAP-E or MAP-T scenario, a MAP rule needs to be bound to an IPv6 delegation prefix pool. The NE20E uses the BMR configured using the map-rule command to assign prefixes to MAP users.
Procedure
- Run system-view
The system view is configured.
- Run ipv6 prefix prefix-name delegation
An IPv6 delegation prefix pool is created, and the IPv6 delegation prefix pool view is displayed.
- Run map-rule rule-name
A MAP rule is bound to the IPv6 delegation prefix pool.
- Run commit
The configuration is committed.
Configuring an IPv6 Delegation Address Pool
In a MAP-T scenario, a prefix pool, a DMR prefix, and an FMR flag bit need to be configured in an IPv6 delegation address pool.
Procedure
- Run system-view
The system view is configured.
- Run ipv6 prefix prefix-name delegation
An IPv6 delegation prefix pool is created, and the IPv6 delegation prefix pool view is displayed.
- Run prefix prefix-name
An IPv6 prefix address is bound to the IPv6 delegation address pool.
- Run option-s46 dmr-prefix dmr-prefix-name
A DMR prefix is bound to an IPv6 delegation address pool. The NE20E adds OPTION_S46_DMR (option 91) to an IPv6 prefix in a DCHPv6 Response message to be sent to MAP-T users.
- (Optional) Run option-s46 fmr-flag disable
The F-flag bit is set to 0 in DHCPv6 OPTION_S46_RULE (option 89).
- Run commit
The configuration is committed.
Configuring a MAP-BR
Configuring a BMR
This section describes how to configure a basic mapping rule (BMR). A BMR is used to convert user-side IPv6 addresses into IPv4 addresses and network-side IPv4 addresses into IPv6 addresses.
Context
BMR parameters are set in an instance. The parameters include the IPv4 prefix and length, IPv6 prefix and length, embedded address length, and PSID offset. The PSID offset is used to reserve ports based on public IP addresses.
Procedure
- Run system-view
The system view is displayed.
- Run map rule rule-name
The MAP rule view is displayed.
- Run rule-prefix ipv6–prefix prefix-length v6prefix-length ipv4–prefix ipv4–prefix prefix-length v4prefix-length [ vpn-instance vpn-instance-name ] ea-length ea-length [ psid-offset offset-length ]
Parameters are configured to verify and encapsulate MAP packets.
A unique IPv6 address must be set in each BMR. The IPv6 addresses of BMRs cannot be identical. - Run commit
The configuration is committed.
Configuring a DMR
A default mapping rule (DMR) can be created. A MAP-CE encapsulates an IPv6 prefix defined in the DMR into packets and directs the packets to a service boards. The service boards convert the packets in a MAP-T instance to which the DMR is bound.
Binding a DMR to a MAP-T Instance
This section describes how to bind a DMR to a MAP-T instance. The DMR is used by a MAP-CE to select a MAP-T instance to convert IPv6 packets.
Binding a BMR to a MAP-T Instance
This section describes how to bind a BMR to a MAP-T instance. The BMR is used to encapsulate and verify packets in the MAP-T instance.
(Optional) Configuring a Device to Preferentially Assign MAP-T Prefixes to Users
In a MAP-E or MAP-T scenario, if users request both MAP-E and MAP-T options, a device prioritizes the requests and assigns a prefix to a higher-priority MAP option first, and if this attempt fails, to a lower-priority MAP option.
Context
By default, the NE20E preferentially assigns MAP-E prefixes. If the allocation attempt fails, the NE20E assigns MAP-T prefixes to users. Run the following steps if you want the NE20E to preferentially assign MAP-T prefixes to users:
Procedure
- Run system-view
The system view is configured.
- Run aaa
The AAA view is displayed.
- Run domain domain-name
A domain is created, and the AAA domain view is displayed.
- Run map priority map-t
The device is enabled to preferentially assign MAP-T prefixes to users.
- Run commit
The configuration is committed.
(Optional) Configuring MAP Translation for ICMP/ICMPv6 Error Packets
In a MAP-T scenario, the MAP conversion of ICMP error packets can be performed only after the MAP conversion function is configured for ICMP error packets.
(Optional) Setting an MSS Value for MAP-T Services
The MSS value in the TCP protocol is used to specify the length of a TCP packet that can be transmitted without being fragmented. During the TCP connection establishment, the MSS value is carried in a SYN packet to notify the peer end of the maximum size of a packet that can be received by the local end.
Prerequisites
After the MSS value is set in the MAP instance view, a CGN device changes the MSS value in all TCP packets that belong to the MAP service. If the MSS value in the negotiation process is greater than the configured MSS value, the CGN device uses the MSS value configured by the user. If the MSS value during the negotiation is smaller than the configured MSS value, the MSS value in the negotiation process is retained. When the maximum packet length is set, the maximum length of IP packets that can be sent by the interface is calculated using a formula (Maximum packet length + 20-byte IP header + 20-byte TCP header). The maximum length of IP packets that can be sent by the interface is limited by the MTU value. Therefore, when the value calculated using the formula (Maximum packet length + 20-byte IP header + 20-byte TCP header) is greater than the MTU value, the packets are fragmented. Therefore, you are advised to set the TCP MSS value as large as possible without causing packet fragmentation to improve packet transmission efficiency. If the size of packets for MAP processing is larger than a link MTU, the packets are fragmented. You can reduce the MSS value in TCP, which prevents a NAT board from fragmenting packets and helps improve MAP efficiency.
(Optional) Setting an MTU for IPv6 Packets
This section describes how to set a maximum transmission unit. Whether to fragment translated packets depends on the smaller value between the MTU configured in an instance and the interface MTU. To customize the MTU value of the IPv6 packets in a MAP instance, set the MTU value in the MAP instance.
(Optional) Setting the Traffic Class of IPv6 Packets
When an IPv4 packet is translated into an IPv6 packet, the Traffic-Class field value in the IPv6 packet is copied from the ToS field in the IPv4 packet. To modify the traffic class of IPv6 packets, set the traffic class value of IPv6 packets in an instance.
Procedure
- Run system-view
The system view is displayed.
- Run map-t instance instance-name [ id id ]
The MAP-T instance view is displayed.
- Run map traffic-class class-value
The Traffic-Class field is set for public network-to-private network IPv6 traffic.
By default, a device copies the IPv4 ToS field value and pastes it to the Traffic-Class field in IPv6 packets.
- Run commit
The configuration is committed.
(Optional) Setting an IPv4 ToS Value
When an IPv6 packet is translated into an IPv4 packet, the ToS value in the IPv4 packet is copied from the Traffic-Class field in the IPv6 packet by default. To change the ToS value in the IPv4 packet, set the ToS value of the IPv4 packet in an instance.
Procedure
- Run system-view
The system view is displayed.
- Run map-t instance instance-name [ id id ]
The MAP-T instance view is displayed.
- Run map ipv4-tos tos-value
An IPv4 ToS value is set for IPv4 traffic after private network-to-public network IPv6 traffic is converted to IPv4 traffic.
By default, a device copies the IPv6 Traffic-Class field value and pastes it to the ToS field in IPv4 packets. - Run commit
The configuration is committed.
(Optional) Clearing the DF Field in IPv4 Packets
The default implementation is as follows. Before a device translates an IPv6 packet into an IPv4 packet, if the IPv6 packet does not carry the fragment extension header and the packet length is less than or equal to 1280 bytes, the DF field in the IPv4 packet is set to 0 (can be fragmented). If the IPv6 packet does not carry the fragment extension header and the packet length is greater than 1280 bytes, the DF field in the IPv4 packet is set to 1 (cannot be fragmented). If the IPv6 packet carries the fragment extension header, the DF field in the IPv4 packet is set to 0 (can be fragmented). After the DF field clearing function is enabled, the device sets the DF field in IPv4 packets to 0.
Procedure
- Run system-view
The system view is displayed.
- Run map-t instance instance-name [ id id ]
The MAP-T instance view is displayed.
- Run map ipv6 df-override enable
The device is enabled to set the DF field to 0 for IPv4 packets after IPv6 packets are converted to IPv4 packets.
- Run commit
The configuration is committed.
Verifying the MAP-T Configuration
After configuring basic MAP-T functions, verify the configurations.
- Configuring a BRAS
- Configuring a MAP-BR
- Configuring a BMR
- Configuring a DMR
- Binding a DMR to a MAP-T Instance
- Binding a BMR to a MAP-T Instance
- (Optional) Configuring a Device to Preferentially Assign MAP-T Prefixes to Users
- (Optional) Configuring MAP Translation for ICMP/ICMPv6 Error Packets
- (Optional) Setting an MSS Value for MAP-T Services
- (Optional) Setting an MTU for IPv6 Packets
- (Optional) Setting the Traffic Class of IPv6 Packets
- (Optional) Setting an IPv4 ToS Value
- (Optional) Clearing the DF Field in IPv4 Packets
- Verifying the MAP-T Configuration
