| author | Christian Poessinger <christian@poessinger.com> | 2021-03-09 19:16:14 +0100 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-03-09 19:16:14 +0100 | 
| commit | b873d9b3770a68dfea68472b1c301152d06798f7 (patch) | |
| tree | f183c431a6af52a5803064d4ee071570aab7fc15 /docs/configuration | |
| parent | 75f96ad376aad7f527636d279edf238c231c9e31 (diff) | |
| parent | b1dc0437d89cacf0c727e22ba9b30d5ebdda73ae (diff) | |
Merge pull request #473 from jack9603301/master
nat66: T2518: Modify configuration command use case
Diffstat (limited to 'docs/configuration')
| -rw-r--r-- | docs/configuration/nat/nat66.rst | 90 | 
1 files changed, 51 insertions, 39 deletions
| diff --git a/docs/configuration/nat/nat66.rst b/docs/configuration/nat/nat66.rst index bcf5570f..c5a8dec0 100644 --- a/docs/configuration/nat/nat66.rst +++ b/docs/configuration/nat/nat66.rst @@ -4,11 +4,12 @@  NAT66(NPTv6)  ############ -:abbr:`NPTv6 (IPv6-to-IPv6 Network Prefix Translation)` is an address translation technology based -on IPv6 networks, used to convert an IPv6 address prefix in an IPv6 message into another IPv6 -address prefix. We call this address translation method NAT66. Devices that support the NAT66 -function are called NAT66 devices, which can provide NAT66 source and destination address -translation functions. +:abbr:`NPTv6 (IPv6-to-IPv6 Network Prefix Translation)` is an address  +translation technology basedon IPv6 networks, used to convert an IPv6  +address prefix in an IPv6 message into another IPv6address prefix.  +We call this address translation method NAT66. Devices that support the NAT66 +function are called NAT66 devices, which can provide NAT66 source +and destination address translation functions.  Overview  ======== 
@@ -21,36 +22,45 @@ Different NAT Types  SNAT66  ^^^^^^ -:abbr:`SNPTv6 (Source IPv6-to-IPv6 Network Prefix Translation)` The conversion function is mainly used in -the following scenarios: - -* A single internal network and external network. Use the NAT66 device to connect a single internal -  network and public network, and the hosts in the internal network use IPv6 address prefixes that -  only support routing within the local range. When a host in the internal network accesses the -  external network, the source IPv6 address prefix in the message will be converted into a -  global unicast IPv6 address prefix by the NAT66 device. -* Redundancy and load sharing. There are multiple NAT66 devices at the edge of an IPv6 network -  to another IPv6 network. The path through the NAT66 device to another IPv6 network forms an -  equivalent route, and traffic can be load-shared on these NAT66 devices. In this case, you -  can configure the same source address translation rules on these NAT66 devices, so that any -  NAT66 device can handle IPv6 traffic between different sites. -* Multi-homed. In a multi-homed network environment, the NAT66 device connects to an -  internal network and simultaneously connects to different external networks. Address -  translation can be configured on each external network side interface of the NAT66 -  device to convert the same internal network address into different external network -  addresses, and realize the mapping of the same internal address to multiple external addresses. +:abbr:`SNPTv6 (Source IPv6-to-IPv6 Network Prefix Translation)` The conversion +function is mainly used in the following scenarios: + +* A single internal network and external network. Use the NAT66 device to  +  connect a single internal network and public network, and the hosts in  +  the internal network use IPv6 address prefixes that only support  +  routing within the local range. 
When a host in the internal network +  accesses the external network, the source IPv6 address prefix in  +  the message will be converted into a global unicast IPv6 address  +  prefix by the NAT66 device. +* Redundancy and load sharing. There are multiple NAT66 devices at the edge +  of an IPv6 network to another IPv6 network. The path through the NAT66  +  device to another IPv6 network forms an equivalent route, and traffic  +  can be load-shared on these NAT66 devices. In this case, you  +  can configure the same source address translation rules on these  +  NAT66 devices, so that any NAT66 device can handle IPv6 traffic between  +  different sites. +* Multi-homed. In a multi-homed network environment, the NAT66 device  +  connects to an internal network and simultaneously connects to  +  different external networks. Address translation can be configured  +  on each external network side interface of the NAT66 device to  +  convert the same internal network address into different external +  network addresses, and realize the mapping of the same internal  +  address to multiple external addresses.  .. _destination-nat66:  DNAT66  ^^^^^^ -The :abbr:`DNPTv6 (Destination IPv6-to-IPv6 Network Prefix Translation)` destination address translation -function is used in scenarios where the server in the internal network provides services to the external -network, such as providing Web services or FTP services to the external network. By configuring the mapping -relationship between the internal server address and the external network address on the external network -side interface of the NAT66 device, external network users can access the internal network server through -the designated external network address. 
+The :abbr:`DNPTv6 (Destination IPv6-to-IPv6 Network Prefix Translation)`  +destination address translation function is used in scenarios where the  +server in the internal network provides services to the external network, +such as providing Web services or FTP services to the external network.  +By configuring the mapping relationship between the internal server  +address and the external network address on the external network  +side interface of the NAT66 device, external network users can  +access the internal network server through the designated  +external network address.  Prefix Conversion  ------------------ @@ -62,8 +72,8 @@ Every SNAT66 rule has a translation command defined. The prefix defined  for the translation is the prefix used when the address information in  a packet is replaced.、 -The :ref:`source-nat66` rule replaces the source address of the packet and calculates the -converted address using the prefix specified in the rule. +The :ref:`source-nat66` rule replaces the source address of the packet  +and calculates the converted address using the prefix specified in the rule.  Example: 
@@ -74,18 +84,19 @@ Example:    set nat66 source rule 1 outbound-interface 'eth0'    set nat66 source rule 1 source prefix 'fc01::/64' -  set nat66 source rule 1 translation prefix 'fc00::/64' +  set nat66 source rule 1 translation address 'fc00::/64'  Destination Prefix  ^^^^^^^^^^^^^^^^^^ -For the :ref:`destination-nat66` rule, the destination address of the packet is -replaced by the address calculated from the specified address or prefix in the -`translation address` command +For the :ref:`destination-nat66` rule, the destination address of +the packet isreplaced by the address calculated from the specified  +address or prefix in the `translation address` command  Example: -* Convert the address prefix of a single `fc00::/64` network to `fc01::/64` +* Convert the address prefix of a single `fc00::/64` network  +  to `fc01::/64`  * Input from `eth0` network interface  .. code-block:: none @@ -97,8 +108,9 @@ Example:  Configuration Examples  ====================== -Use the following topology to build a nat66 based isolated network between internal -and external networks (dynamic prefix is not supported): +Use the following topology to build a nat66 based isolated  +network between internal and external networks (dynamic prefix is  +not supported):  .. figure:: /_static/images/vyos_1_4_nat66_simple.png     :alt: VyOS NAT66 Simple Configure @@ -114,7 +126,7 @@ R1:    set nat66 destination rule 1 translation address 'fc01::/64'    set nat66 source rule 1 outbound-interface 'eth0'    set nat66 source rule 1 source prefix 'fc01::/64' -  set nat66 source rule 1 translation prefix 'fc00:470:f1cd:101::/64' +  set nat66 source rule 1 translation address 'fc00:470:f1cd:101::/64'  R2: | 
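Review bot: In the first hunk (@@ -4,11 +4,12 @@, the introductory paragraph), the re-wrap drops the space at two former line joins, so the added lines now read "basedon IPv6 networks" and "another IPv6address prefix". Restore "based on" and "IPv6 address". Several added lines in this hunk also end in trailing whitespace, which should be stripped before merging.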
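Review bot: In the @@ -21,36 +22,45 @@ hunk, the SNAT66 opening sentence is still a fragment: the `:abbr:` role for SNPTv6 is followed directly by "The conversion function is mainly used in the following scenarios:". Since the paragraph is being re-wrapped anyway, reword it to match the DNAT66 paragraph in the same hunk, which starts with "The" before the `:abbr:` role and continues the sentence after it. The re-wrapped bullet lines also carry trailing whitespace.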
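Review bot: The unchanged context line just above the edited paragraph in the @@ -62,8 +72,8 @@ hunk ends with "a packet is replaced.、", leaving a stray "、" after the full stop. The hunk already touches the neighbouring paragraph, so remove that character in the same change.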
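Review bot: In the @@ -74,18 +84,19 @@ hunk, the re-wrapped Destination Prefix sentence reads "the packet isreplaced" (missing space) and still has no full stop after the `translation address` command. The source example now uses `translation address 'fc00::/64'` with a prefix as its value, and the same change is made for R1 in the last hunk, while the surrounding source-rule prose only speaks of "the prefix specified in the rule"; add a sentence there stating that `translation address` accepts a prefix, as the destination text already does with "the specified address or prefix".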
