
Stateless Source Network Prefix Translation for IPv6

06-Dec-23

Stateless Source Network Prefix Translation for IPv6

When an IPv6 packet is going from an internal network to the external network, Stateless Source Network Prefix Translation for IPv6 (NPTv6) maps the IPv6 prefix of the source address to an IPv6 prefix of an external network. When an IPv6 packet is coming from the external network to the internal network, NPTv6 maps the IPv6 prefix of the destination address to the IPv6 prefix of the internal network.

NPTv6 translates addresses algorithmically, so the translator does not need to maintain state for each node or each flow. NPTv6 also removes the need to recompute the transport layer checksum.
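The checksum-neutral prefix mapping specified for NPTv6 in RFC 6296, as an added example (not Juniper's code and not part of the original page). The class and function names are hypothetical, the sketch is limited to equal-length prefixes of /48 or shorter, and the sample prefixes and address are constructed after the RFC's worked example.

```python
import ipaddress

def fold(x):
    """Fold carries back in: 16-bit one's-complement addition."""
    while x > 0xFFFF:
        x = (x & 0xFFFF) + (x >> 16)
    return x

def word_sum(value):
    """One's-complement sum of the eight 16-bit words of a 128-bit integer."""
    return fold(sum((value >> s) & 0xFFFF for s in range(0, 128, 16)))

class Nptv6Translator:  # hypothetical name, for illustration only
    def __init__(self, internal, external):
        self.internal = ipaddress.IPv6Network(internal)
        self.external = ipaddress.IPv6Network(external)
        if (self.internal.prefixlen != self.external.prefixlen
                or self.internal.prefixlen > 48):
            raise ValueError("example handles equal-length prefixes of /48 or shorter")
        # Computed once from the two prefixes; no per-host or per-flow state.
        # adjust = sum(internal prefix) - sum(external prefix), one's complement.
        self.adjust = fold(word_sum(int(self.internal.network_address))
                           + (~word_sum(int(self.external.network_address)) & 0xFFFF))

    def _map(self, addr, src, dst, adjust):
        addr = ipaddress.IPv6Address(addr)
        if addr not in src:
            raise ValueError(f"{addr} is not inside {src}")
        # Swap the prefix bits, keep every bit after the prefix.
        out = int(dst.network_address) | (int(addr) & int(src.hostmask))
        # Apply the adjustment to address bits 48..63 so the address word
        # sum, and with it the TCP/UDP pseudo-header checksum, is unchanged.
        word = fold(((out >> 64) & 0xFFFF) + adjust)
        if word == 0xFFFF:  # RFC 6296: a result of 0xFFFF is written as 0x0000
            word = 0
        return ipaddress.IPv6Address((out & ~(0xFFFF << 64)) | (word << 64))

    def outbound(self, source_address):
        """Internal source address -> external address."""
        return self._map(source_address, self.internal, self.external, self.adjust)

    def inbound(self, destination_address):
        """External destination address -> internal address."""
        return self._map(destination_address, self.external, self.internal,
                         ~self.adjust & 0xFFFF)

if __name__ == "__main__":
    npt = Nptv6Translator("fd01:203:405::/48", "2001:db8:1::/48")  # constructed sample
    print(npt.outbound("fd01:203:405:1::1234"))
```

Because the mapping is a pure function of the two prefixes, a restarted translator reproduces the same addresses, which is why existing connections survive a brief outage.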

Benefits of Stateless Source Network Prefix Translation

  • For edge networks, you do not need to renumber the IPv6 addresses used inside the local network for interfaces, access lists, and system logging messages if:

    • The global prefixes used by the edge network are changed.

    • The IPv6 addresses are used inside the edge network or within other upstream networks (such as multihomed devices) when a site adds, drops, or changes upstream networks.

  • IPv6 addresses used by the edge network do not need ingress filtering in upstream networks and do not need their customer-specific prefixes advertised to upstream networks.

  • Connections that traverse the translation function are not disrupted by a reset or brief outage of an NPTv6 translator.

Configuring NPTv6 for Next Gen Services

Configuring the Source Pool

To configure the source pool for NPTv6:

  1. Create a source pool.
    user@host# edit services nat source pool nat-pool-name
    
  2. Define the IPv6 prefix to which the IPv6 source address prefix is translated.
    [edit services nat source pool nat-pool-name]
    user@host# set address address-prefix
    

Configuring the NAT Rule

To configure the NAT source rule for NPTv6:

  1. Configure the NAT rule name.
     [edit]
    user@host# edit services nat source rule-set rule-set-name rule rule-name
    
  2. Specify the traffic direction to which the NAT rule set applies.
     [edit services nat source rule-set rule-set-name]
    user@host# set match-direction (in | out | in-out)
    
  3. Specify the IPv6 prefix of source addresses that are translated by the source NAT rule.

    To specify one address or prefix value:

     [edit services nat source rule-set rule-set-name rule rule-name]
    user@host# set match source-address address
    
  4. Configure the address-pooling paired feature if you want to ensure assignment of the same external IP address for all sessions originating from the same internal host.
     [edit services nat source rule-set rule-set-name rule rule-name then source-nat mapping-type]
    user@host# set address-pooling-paired
    
  5. Specify the timeout period for address-pooling-paired mappings that use the NAT pool. The range is 120 through 86,400 seconds, and the default is 300. Mappings that are inactive for this amount of time are dropped.
    [edit services nat source pool nat-pool-name]
    user@host# set mapping-timeout mapping-timeout
    

    If you do not configure ei-mapping-timeout for endpoint independent translations, then the mapping-timeout value is used for endpoint independent translations.

  6. Specify the NAT pool that contains the IPv6 prefix for translated traffic.
    [edit services nat source rule-set rule-set-name rule rule-name]
    user@host# set then source-nat pool nat-pool-name
    
  7. Configure the generation of a syslog message when traffic matches the NAT rule conditions.
     [edit services nat source rule-set rule-set-name rule rule-name then]
    user@host# set syslog
    

Configuring the Service Set

To configure the service set for NPTv6:

  1. Define the service set.
     [edit services]
    user@host# edit service-set service-set-name
    
  2. Configure either an interface service set, which requires a single service interface, or a next-hop service set, which requires an inside and outside service interface.
    • To configure an interface service set:

       [edit services service-set service-set-name]
      user@host# set interface-service service-interface vms-slot-number/pic-number/0.logical-unit-number
      
    • To configure a next-hop service set:

       [edit services service-set service-set-name]
      user@host# set next-hop-service inside-service-interface vms-slot-number/pic-number/0.logical-unit-number outside-service-interface vms-slot-number/pic-number/0.logical-unit-number
      
  3. Specify the NAT rule sets to be used with the service set.
     [edit services service-set service-set-name]
    user@host# set nat-rule-sets rule-set-name
    
  4. Specify that ICMP error messages are sent if NPTv6 address translation fails.
     [edit services service-set service-set-name nat-options nptv6]
    user@host# set icmpv6-error-messages
    