Session initiated by an IPv4 host, NAT-PT limitations, Protocols and standards – H3C Technologies H3C SecPath F1000-E User Manual


Upon receiving a reply packet from the IPv4 host to the IPv6 host, the NAT-PT device swaps the source and destination IPv4 addresses according to the stored mappings and forwards the packet to the IPv6 host.

Session initiated by an IPv4 host

The NAT-PT implementation process for a session initiated by an IPv4 host is as follows:

1. Determines whether to perform NAT-PT or not.
Upon receiving a packet from an IPv4 host to an IPv6 host, the NAT-PT device checks the destination IPv4 address in the packet against the static mappings configured on the IPv6 network side. If a match is found, the device considers that the packet needs to be forwarded to the IPv6 network and NAT-PT needs to be performed.

2. Translates the source IP address.
The NAT-PT device translates the source IPv4 address of the packet into an IPv6 address according to the static or dynamic mapping on the IPv4 side. If no mapping is configured on the IPv4 side, the source IPv4 address with the first configured NAT-PT prefix is used as the translated source IPv6 address.

3. Translates the destination IP address.
The NAT-PT device translates the destination IPv4 address of the packet into an IPv6 address according to the static mapping on the IPv6 side.

4. Forwards the packet and stores the mappings.
After the source and destination IPv4 addresses of the packet are translated into IPv6 addresses, the NAT-PT device forwards the packet to the IPv6 host. Meanwhile, the IPv4/IPv6 address mappings are stored in the NAT-PT device.

5. Forwards the reply packet according to the stored mappings.
Upon receiving a reply packet from the IPv6 host to the IPv4 host, the NAT-PT device swaps the source and destination IPv6 addresses according to the stored mappings and forwards the packet to the IPv4 host.
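The five steps above, modelled at the address level as an added example (not code from the H3C manual or the device). The class and method names, the documentation-range addresses, and the /96 prefix length are assumptions made for illustration; the second device shows why a reply cannot be translated by a device that did not store the session mapping.

```python
import ipaddress

class NatPtDevice:
    """Address-level model of NAT-PT steps 1-5 for an IPv4-initiated session."""

    def __init__(self, prefixes, v6_side_static, v4_side_map=None):
        # Assumption: NAT-PT prefixes are /96, so an IPv4 address fills the low 32 bits.
        self.prefixes = [ipaddress.IPv6Network(p) for p in prefixes]
        # IPv6-side static mappings: IPv4 address that stands for an IPv6 host.
        self.v6_side = {ipaddress.IPv4Address(k): ipaddress.IPv6Address(v)
                        for k, v in v6_side_static.items()}
        # IPv4-side mappings (static or dynamic): IPv4 source -> IPv6 address.
        self.v4_side = {ipaddress.IPv4Address(k): ipaddress.IPv6Address(v)
                        for k, v in (v4_side_map or {}).items()}
        self.sessions = {}  # stored per device, never shared

    def from_ipv4(self, src, dst):
        src, dst = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
        if dst not in self.v6_side:            # step 1: no match, no NAT-PT
            return None
        v6_src = self.v4_side.get(src)         # step 2: IPv4-side mapping ...
        if v6_src is None:                     # ... else first prefix + IPv4 address
            base = int(self.prefixes[0].network_address)
            v6_src = ipaddress.IPv6Address(base | int(src))
        v6_dst = self.v6_side[dst]             # step 3: IPv6-side static mapping
        self.sessions[(v6_dst, v6_src)] = (dst, src)   # step 4: keyed by reply direction
        return v6_src, v6_dst

    def reply_from_ipv6(self, src, dst):
        # step 5: only the device that stored the mapping can translate the reply
        key = (ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst))
        return self.sessions.get(key)

def demo():
    static = {"198.51.100.5": "2001:db8:1::5"}       # constructed sample mapping
    a = NatPtDevice(["2001:db8:ffff::/96"], static)
    b = NatPtDevice(["2001:db8:ffff::/96"], static)  # second device, same config
    fwd = a.from_ipv4("192.0.2.10", "198.51.100.5")
    back_a = a.reply_from_ipv6(fwd[1], fwd[0])
    back_b = b.reply_from_ipv6(fwd[1], fwd[0])       # None: no stored session
    return fwd, back_a, back_b

if __name__ == "__main__":
    print(demo())
```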

NAT-PT limitations

NAT-PT has the following limitations:

In NAT-PT translation, the request and response packets of a session must be processed by the same NAT-PT device.

The Options field in the IPv4 packet header cannot be translated.

NAT-PT does not provide end-to-end security.

Therefore, NAT-PT is not recommended in some applications. For example, tunneling is recommended in the case where an IPv6 host needs to communicate with another IPv6 host across an IPv4 network.

Currently, NAT-PT supports Internet Control Message Protocol (ICMP), Domain Name System (DNS), File Transfer Protocol (FTP), and other protocols that employ the network layer protocol but have no address information in the protocol messages.

Protocols and standards

RFC 2765, Stateless IP/ICMP Translation Algorithm

RFC 2766, Network Address Translation - Protocol Translation (NAT-PT)
