New Contributor
Posts: 2
Registered: ‎03-01-2017

464xlat support in vyatta router

Hi:

 

I would like to know if the vyatta router supports 464xlat. Some web and tutorial pages said that vyatta has a CLAT client. I would like to confirm this information, since I don't see any official documentation about it. My interest in 464xlat is the possibility to have an IPv6-only network that supports apps like Skype (which doesn't work with IPv6 only).

 

Thanks for your answer.

 

Ricardo

Brocadian
Posts: 8
Registered: ‎06-17-2015

Re: 464xlat support in vyatta router

Brocade vRouter 5600 supports NAT6-4 to allow an IPv6-only client to reach an IPv4-only server. It uses IPv4-Embedded IPv6 Addresses as per RFC-6052 and creates a session for each incoming new session from the IPv6 client to the IPv4 server.
The configuration is very simple, as shown in the example below:

(IPv6-Only)   2001:db8::/32   (SUT)   20.0.0.0/30   (IPv4-Only)
     R3-------------------------R1-----------------------R2
       :1e00:2::       :1e00:1::  .1                   .2

R1 Configuration

 

interfaces {
        dataplane dp0s6 {
                address 20.0.0.1/30
                description To-R2
        }
        dataplane dp0s8 {
                address 2001:db8:1e00:1::/32
                description To-R3
        }
}
service {
        nat {
                ipv6-to-ipv4 {
                        rule 10 {
                                destination {
                                        prefix 2001:db9::/32
                                }
                                inbound-interface dp0s8
                                source {
                                        prefix 2001:db8::/32
                                }
                        }
                }
        }
}

R2 Configuration

 

interfaces {
        dataplane dp0s3 {
                address 20.0.0.2/30
                description To-R1
        }
}
protocols {
        static {
                route 30.0.0.0/30 {
                        next-hop 20.0.0.1
                }
        }
}

R3 Configuration

 

interfaces {
        dataplane dp0s6 {
                address 2001:db8:1e00:2::/32
                description To-R1
        }
}
protocols {
        static {
                route6 2001:db9::/32 {
                        next-hop 2001:db8:1e00:1::
                }
        }
}

Verification

 

Ping from R3 to R2

vyatta@R3:~$ ping 2001:db9:1400:2::
PING 2001:db9:1400:2::(2001:db9:1400:2::) 56 data bytes
64 bytes from 2001:db9:1400:2::: icmp_seq=1 ttl=63 time=0.838 ms
64 bytes from 2001:db9:1400:2::: icmp_seq=2 ttl=63 time=0.526 ms
64 bytes from 2001:db9:1400:2::: icmp_seq=3 ttl=63 time=0.789 ms
^C
--- 2001:db9:1400:2:: ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.526/0.717/0.838/0.140 ms
vyatta@R3:~$

SSH from R3 to R2

 

vyatta@R3:~$ ssh vyatta@2001:db9:1400:2::
Welcome to Brocade Network OS

vyatta@2001:db9:1400:2::'s password:
Welcome to Brocade Network OS
Version:      5.2R2
Description:  Brocade Network OS 5600 5.2R2 Standard
Built on:     Tue Nov 29 22:52:37 UTC 2016
Last login: Fri Mar  3 18:30:59 2017 from 30.0.0.2
vyatta@R2:~$

Sessions Table on R1

 

vyatta@R1:~$ show session-table
TCP state codes: SS - SYN SENT, SR - SYN RECEIVED, ES - ESTABLISHED,
                 FW - FIN WAIT, CW - CLOSE WAIT, LA - LAST ACK,
                 TW - TIME WAIT, CL - CLOSE, LI - LISTEN

CONN ID         Source                          Destination                     Protocol        TIMEOUT Intf            Parent
10              30.0.0.2:9558                   20.0.0.2:9558                   icmp [1] ES     16      dp0s6   0
11              30.0.0.2:36452                  20.0.0.2:22                     tcp [6] ES      86385   dp0s6   0
vyatta@R1:~$

Traffic on IPv6 Interface

 

vyatta@R1:~$ monitor interfaces dataplane dp0s8 traffic filter icmp6
Capturing on 'dp0s8'
  1   0.000000 2001:db8:1e00:2:: -> 2001:db9:1400:2:: ICMPv6 118 Echo (ping) request id=0x259a, seq=1, hop limit=64
  2   0.000380 2001:db9:1400:2:: -> 2001:db8:1e00:2:: ICMPv6 118 Echo (ping) reply id=0x259a, seq=1, hop limit=63 (request in 1)
  3   0.998993 2001:db8:1e00:2:: -> 2001:db9:1400:2:: ICMPv6 118 Echo (ping) request id=0x259a, seq=2, hop limit=64
  4   1.001562 2001:db9:1400:2:: -> 2001:db8:1e00:2:: ICMPv6 118 Echo (ping) reply id=0x259a, seq=2, hop limit=63 (request in 3)
  5   2.000774 2001:db8:1e00:2:: -> 2001:db9:1400:2:: ICMPv6 118 Echo (ping) request id=0x259a, seq=3, hop limit=64
^C  6   2.003360 2001:db9:1400:2:: -> 2001:db8:1e00:2:: ICMPv6 118 Echo (ping) reply id=0x259a, seq=3, hop limit=63 (request in 5)
6 packets captured
vyatta@R1:~$

Traffic on IPv4 Interface

 

vyatta@R1:~$ monitor interfaces dataplane dp0s6 traffic filter icmp
Capturing on 'dp0s6'
  1   0.000000     30.0.0.2 -> 20.0.0.2     ICMP 98 Echo (ping) request  id=0x25b6, seq=1/256, ttl=63
  2   0.000337     20.0.0.2 -> 30.0.0.2     ICMP 98 Echo (ping) reply    id=0x25b6, seq=1/256, ttl=64 (request in 1)
  3   1.000453     30.0.0.2 -> 20.0.0.2     ICMP 98 Echo (ping) request  id=0x25b6, seq=2/512, ttl=63
  4   1.000776     20.0.0.2 -> 30.0.0.2     ICMP 98 Echo (ping) reply    id=0x25b6, seq=2/512, ttl=64 (request in 3)
  5   2.000673     30.0.0.2 -> 20.0.0.2     ICMP 98 Echo (ping) request  id=0x25b6, seq=3/768, ttl=63
^C  6   2.003022     20.0.0.2 -> 30.0.0.2     ICMP 98 Echo (ping) reply    id=0x25b6, seq=3/768, ttl=64 (request in 5)
6 packets captured
vyatta@R1:~$
New Contributor
Posts: 2
Registered: ‎03-01-2017

Re: 464xlat support in vyatta router

It looks great. However, I wonder if this configuration avoids that applications like Skype and many others work inside an IPv6-only network. That's my main interest.

Does vyatta support RFC6877? By your answer, vyatta supports the PLAT side for sure, but what about the CLAT part?

Thanks.
Brocadian
Posts: 8
Registered: ‎06-17-2015

Re: 464xlat support in vyatta router

Brocade 5600 vRouter supports NAT'ing IPv6 addresses to IPv4 only, not the other way around; that is, the Client must be on the IPv6 side and the Server on the IPv4 side.

The above NAT configuration will allow communication between 2 IPv6 hosts even though it is routed over the same interface where NAT-6-to-4 is performed, as long as the IPv6 flow does not match any NAT rule. IOW, while supporting PLAT function, vRouter still supports native IPv6 routing. IHTH.
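The address pairs in the thread's captures and session table (2001:db8:1e00:2:: seen as 30.0.0.2, 2001:db9:1400:2:: seen as 20.0.0.2) follow from the RFC 6052 embedding with a /32 prefix, which is useful when correlating IPv4-side logs back to IPv6 clients. The sketch below is an added example, not part of the original posts or Brocade code; it generalizes to every prefix length RFC 6052 defines, and `translate_flow` is a hypothetical model of rule 10's matching inferred from the session table, not the vRouter's implementation.

```python
import ipaddress

# RFC 6052 section 2.2 defines the embedding for these prefix lengths only.
VALID_LENGTHS = (32, 40, 48, 56, 64, 96)

# Rule 10 prefixes copied from the R1 configuration in this thread.
RULE_10 = {"source": "2001:db8::/32", "destination": "2001:db9::/32"}

def v4_positions(prefixlen):
    """Byte offsets of the four IPv4 octets inside the 16-byte IPv6 address."""
    if prefixlen not in VALID_LENGTHS:
        raise ValueError(f"RFC 6052 does not define a /{prefixlen} prefix")
    start = prefixlen // 8
    # Byte 8 (bits 64-71, the reserved "u" octet) never carries IPv4 bits.
    return [i for i in range(start, start + 5) if i != 8][:4]

def embed(prefix, v4):
    """Build the IPv4-embedded IPv6 address for v4 under prefix."""
    net = ipaddress.IPv6Network(prefix)
    raw = bytearray(net.network_address.packed)
    octets = ipaddress.IPv4Address(v4).packed
    for pos, octet in zip(v4_positions(net.prefixlen), octets):
        raw[pos] = octet
    return ipaddress.IPv6Address(bytes(raw))

def extract(prefix, v6):
    """Recover the IPv4 address embedded in v6 under prefix."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(v6)
    if addr not in net:
        raise ValueError(f"{addr} is not inside {net}")
    raw = addr.packed
    if raw[8] != 0:
        raise ValueError(f"{addr}: bits 64-71 must be zero")
    return ipaddress.IPv4Address(bytes(raw[p] for p in v4_positions(net.prefixlen)))

def translate_flow(src6, dst6, rule=RULE_10):
    """Hypothetical model of rule 10: (src4, dst4) on a match, else None."""
    src, dst = ipaddress.IPv6Address(src6), ipaddress.IPv6Address(dst6)
    if src not in ipaddress.IPv6Network(rule["source"]):
        return None  # no NAT rule matched: flow stays native IPv6
    if dst not in ipaddress.IPv6Network(rule["destination"]):
        return None
    return extract(rule["source"], src), extract(rule["destination"], dst)

if __name__ == "__main__":
    # The ping from R3 to R2 shown in the verification output.
    print(translate_flow("2001:db8:1e00:2::", "2001:db9:1400:2::"))
```

The translated source address is why R2 carries a static route for 30.0.0.0/30 toward R1: return traffic is addressed to the IPv4 address extracted from the client's IPv6 source.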
