IPv6和IPv4互通實驗 nat-pt

IP IPv6 NAT-PT 動態映射實驗

有三臺路由器分別爲R1,R2,R3,拓撲如上圖.

R1配置:
int f0/0
no sh
int f0/0.12
en do 12
ip add 12.1.1.1 255.255.255.0

ip route 0.0.0.0 0.0.0.0 12.1.1.2

R3配置:
ipv6 unicast-routing

int f0/0
no sh
int f0/0.23
en do 23
ipv6 address 2023::3/64

ipv6 route ::/0 2023::2

R2配置:
ipv6 unicast-routing
int f0/0
no sh
int f0/0.12
en do 12
ip add 12.1.1.2 255.255.255.0
ipv6 nat

int f0/0.23
en do 23
ipv6 address 2023::2/64
ipv6 nat

ipv6 access-list V4MAP permit 2000::/48 any
ipv6 access-list V6LIST permit 2000::/48 any
ipv6 nat prefix 2001::/96 v4-mapped V4MAP
ipv6 nat v6v4 pool v4pool 12.1.1.1 12.1.1.254 prefix-length 24
ipv6 nat v6v4 source list V6LIST pool v4pool

配置完成.

調試:
R2#debug ipv6 nat
因爲是NAT-PT動態映射,所以只能從v6端發起訪問,因爲在一開始並沒有v6端的主機使用了地址池中的地址,
地址池的ipv4地址沒有與任何v6端的主機的ipv6地址進行映射,因此v4端在相應映射未建立的情況下是無
法ping通地址池裏對應的地址.而v4端的ipv6地址是通過:96位的前綴加上自己的ipv4地址(32位)合併而成,
一共是128位.所以我們想從R3pingR1的話就需要使用v6地址2001::1017:1f02(就是2001::16.23.32.2).

R3#ping 2001::1017:1f02

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::1017:1F02, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/116/252 ms

此時的R2出現的調試信息:

*Mar  1 00:15:21.387: IPv6 NAT: icmp src (2000:B00::2) -> (16.23.32.10), dst (2001::1017:1F02) -> (16.23.31.2)
*Mar  1 00:15:21.451: IPv6 NAT:  src (16.23.31.2) -> (2001::1017:1F02), dst (16.23.32.10) -> (2000:B00::2)
*Mar  1 00:15:21.531: IPv6 NAT: icmp src (2000:B00::2) -> (16.23.32.10), dst (2001::1017:1F02) -> (16.23.31.2)
*Mar  1 00:15:21.611: IPv6 NAT:  src (16.23.31.2) -> (2001::1017:1F02), dst (16.23.32.10) -> (2000:B00::2)
*Mar  1 00:15:21.639: IPv6 NAT: icmp src (2000:B00::2) -> (16.23.32.10), dst (2001::1017:1F02) -> (16.23.31.2)
*Mar  1 00:15:21.667: IPv6 NAT:  src (16.23.31.2) -> (2001::1017:1F02), dst (16.23.32.10) -> (2000:B00::2)
*Mar  1 00:15:21.699: IPv6 NAT: icmp src (2000:B00::2) -> (16.23.32.10), dst (2001::1017:1F02) -> (16.23.31.2)
*Mar  1 00:15:21.731: IPv6 NAT:  src (16.23.31.2) -> (2001::1017:1F02), dst (16.23.32.10) -> (2000:B00::2)
*Mar  1 00:15:21.755: IPv6 NAT: icmp src (2000:B00::2) -> (16.23.32.10), dst (2001::1017:1F02) -> (16.23.31.2)
*Mar  1 00:15:21.791: IPv6 NAT:  src (16.23.31.2) -> (2001::1017:1F02), dst (16.23.32.10) -> (2000:B00::2)

可以看到icmp src (2000:B00::2) -> (16.23.32.10), dst (2001::1017:1F02) -> (16.23.31.2)來自R3的icmp包被轉
換了,此時R3使用的v4地址爲16.23.32.10

現在在R1處ping這個地址16.23.32.10:
R1#ping 16.23.32.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 16.23.32.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 128/152/204 ms

成功ping通.

此時的R2出現的調試信息:
*Mar  1 00:20:01.823: IPv6 NAT: icmp src (16.23.31.2) -> (2001::1017:1F02), dst (16.23.32.10) -> (2000:B00::2)
*Mar  1 00:20:01.967: IPv6 NAT: icmp src (2000:B00::2) -> (16.23.32.10), dst (2001::1017:1F02) -> (16.23.31.2)
*Mar  1 00:20:02.007: IPv6 NAT:  src (16.23.31.2) -> (2001::1017:1F02), dst (16.23.32.10) -> (2000:B00::2)
*Mar  1 00:20:02.099: IPv6 NAT: icmp src (2000:B00::2) -> (16.23.32.10), dst (2001::1017:1F02) -> (16.23.31.2)
*Mar  1 00:20:02.135: IPv6 NAT:  src (16.23.31.2) -> (2001::1017:1F02), dst (16.23.32.10) -> (2000:B00::2)
*Mar  1 00:20:02.211: IPv6 NAT: icmp src (2000:B00::2) -> (16.23.32.10), dst (2001::1017:1F02) -> (16.23.31.2)
*Mar  1 00:20:02.327: IPv6 NAT:  src (16.23.31.2) -> (2001::1017:1F02), dst (16.23.32.10) -> (2000:B00::2)
*Mar  1 00:20:02.407: IPv6 NAT: icmp src (2000:B00::2) -> (16.23.32.10), dst (2001::1017:1F02) -> (16.23.31.2)
*Mar  1 00:20:02.463: IPv6 NAT:  src (16.23.31.2) -> (2001::1017:1F02), dst (16.23.32.10) -> (2000:B00::2)
*Mar  1 00:20:02.535: IPv6 NAT: icmp src (2000:B00::2) -> (16.23.32.10), dst (2001::1017:1F02) -> (16.23.31.2)