MAP-T BR
Last updated
Last updated
Load map-t.lab1.init.cfg
Configure R6 as a MAP-T BR. The BR’s role is to statelessly translate IPv4-embedded IPv6 addresses to IPv4 addresses, and then translate return traffic back to IPv6 to the correct CPE.
Use the following settings:
Use 2001:db8:1000:1000::/64 as the prefix that CPEs will use for embedding the IPv4 destination address
Use 2001:1111::/48 as the prefix that CPEs will use as their source address when translating IPv4 traffic to IPv6
Use 100.1.1.0/24 as the public IPv4 address range
Allow only 1 CPE per IPv4 address
MAP-T is a technology which allows for IPv4 traffic to be transported across an IPv6-only domain. The BR is stateless which is very scalable. This allows you to easily use multiple BRs with the same exact configuration for redundancy. Asymmetric traffic is not a concern.
In MAP-T, the IPv4 public address space is shared among the CPEs. Each CPE uses a math formula to determine which source ports it is allowed to use for the public IPv4 address. This requires special software. IOS-XE is only capable of acting as the stateless BR. For this reason, we simply use a share-ratio of 1. This means each CPE gets its own IPv4 address.
To configure the BR, we start by enabling NAT64 on all interfaces as we have seen previously.
Next we define the mapping domain. Each mapping domain has a default mapping rule and a basic mapping rule. The default mapping rule is the IPv6 prefix that CPEs will use to embed the destination IPv4 address. (The CPE will translate the original IPv4 header to an IPv6 header, placing the original IPv4 destination inside the default-mapping-rule IPv6 prefix). The basic mapping rule contains the IPv6 prefix that CPEs will use as the source address, the public IPv4 range, and the share-ratio.
As we saw with stateful NAT64, R6 will create a static route for 100.1.1.0/24 via the NAT virtual interface:
Additionally, a static route is added for the default mapping rule 2001:db8:1000:1000::/64.
We must redistribute 2001:db8:1000:1000::/64 into the IGP so that the CPEs will direct the traffic to the BR.
Let’s use R2 as the CPE. We’ll set the address 2001:1111:0:100:0:6401:101:0 on a loopback and advertise this into the IGP. This would be the source address that R2 would use to source IPv4-translated traffic. R2 owns the IPv4 prefix 100.1.1.1.
Where did this address come from?
When XR1 pings 100.1.1.1, it receives a reply:
R6 translates 100.1.1.1 to 2001:1111:0:100:0:6401:101:0, and then translates XR1’s source address (192.0.2.6) to 2001:db8:1000:1000:c0:2:100:0. The reverse happens for return traffic sent back from R2 to XR1.
We will not see any translations on R6, as this is stateless. However, we will see hits for MAP-T in the statistics:
We can view the definition of the domain as follows:
If we set a larger share-ratio, for example 128:1, we can see that the router will automatically calculate the variables:
Traffic destined to 100.1.1.1 is now translated to 2001:111:0:146:0:6401:101:23. (We can see this with a packet capture). The math behind this translation is probably too involved for the CCIE exam, but we can at least understand that as the share ratio increases above 1:1, the port information must also be used to calculate the IPv4-back-to-IPv6 translation to direct the traffic back to the correct CPE.
MAP-T allows for IPv4 traffic to transported across an IPv6-only domain. The CPE does the stateful NAT44, and multiple BRs (for redundancy) can do stateless NAT (which I would consider NAT64). The BRs simply need the correct mapping rules to be able to translate the IPv4 address back to the correct IPv6 address.
In MAP-T, IPv6 traffic from the user is native. IPv4 traffic is NATed by the CPE, but multiple CPEs can share the same public IPv4 address. Each CPE calculates which source ports it is allowed to use. The CPE then does a second translation, translating the IPv4 packet to IPv6. The BR translates the packet back to IPv4. Return traffic is translated back to IPv6 to return the packet back to the correct CPE. The source IPv6 address the CPE uses for the translation is calculed based on its IPv4 address and which port range it is using.
