In the last post we discussed using NAT64 for IPv6-only clients to reach both the IPv6 and IPv4 Internet. Supporting both IPv6 and IPv4 is a struggle and will continue to be a struggle. In this article I’ll be demonstrating a scenario where the client is running dual-stack with a public v6 address and an RFC1918 v4 address using NAT. This will give a good base for verifying v6 and v4 connectivity without a lot of hassle.
Here is the basic network that I built in the lab:
I made use of Google’s public DNS servers at 126.96.36.199 and 188.8.131.52. These servers return both A and AAAA records if they are available. For sites that return AAAA records the client would connect via IPv6 and for sites with just A records the client would connect via IPv4.
Here are various DNS lookups. I had to set type=AAAA to see the IPv6 DNS records, but after that things started to make a little more sense.
C:Documents and Settingsmpreath.CCIDOMAIN>nslookup
Default Server: google-public-dns-a.google.com
Addresses: 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124
> set type=AAAA
ipv6.google.com canonical name = ipv6.l.google.com
ipv6.l.google.com AAAA IPv6 address = 2001:4860:800b::93
ipv6.netflix.com AAAA IPv6 address = 2620:0:ef0:13::20
The router facing the client computer was configured with both IPv6 address, IPv4 addresses, and IPv4 NAT. The configuration was relatively short, but here are the import points:
IPv6 + IPv4 public on upstream interface:
ip address XX.YY.56.251 255.255.255.248
ip nat outside
ipv6 address XXXX:YYYY::6/126
IPv6 + IPv4 private on customer facing interface:
ip address 192.168.253.1 255.255.255.0
ip nat inside
ipv6 address XXXX:YYYY:0:1E0::1/64
ip nat inside source list 101 interface FastEthernet0/0 overload
access-list 101 permit ip 192.168.253.0 0.0.0.255 any
For the border router there was already IPv4 peering configured so IPv6 BGP peering had to be added. This was a pretty simple process once we had it worked out with our upstream IPv6 provider.
IPv6 on upstream interface:
ipv6 address XXXX:YYYY:0:42::2/126
IPv6 + IPv4 on downstream interface:
ip address XX.YY.56.249 255.255.255.248
ipv6 address XXXX:YYYY::5/126
router bgp XXXXX
neighbor XXXX:YYYY:0:42::1 remote-as YYYY
neighbor XXXX:YYYY:0:42::1 prefix-list in
neighbor XXXX:YYYY:0:42::1 prefix-list out
neighbor XXXX:YYYY:0:42::1 activate
neighbor XXXX:YYYY:0:42::1 route-map in
neighbor XXXX:YYYY:0:42::1 route-map out
This showed my proper global v6 address and then did an IPv4 only test.
which showed my correct v4 public address.
The dual-stack testing went well with minimal troubles. I had to troubleshoot an v6 route issue in our border router and enable IPv6 in Windows XP. Once those items were resolved I had no trouble accessing sites via v6 and v4.
The next lab project I will be doing is a NAT64 demo with an IPv6 only client.