Quick Series 23 – IPv4 to IPv6 NAT

Hi,

The previous post covered IPv6-to-IPv6 NAT. This post covers NAT from an IPv4 island to an IPv6 island.

Topology

The requirement is very simple: R2 has an IPv4 address and needs to reach an IPv6 address. We instruct the SRX firewall to perform NAT from IPv4 to IPv6 for both the source and destination addresses, a classic double NAT.

R2 tries to reach the end server at the IPv6 address 2001:9:9:12::2. Since the server is IPv6, R2 is given an IPv4 destination address of 9.9.12.3, an arbitrary address from the subnet pool. Similarly, the SRX receives the IPv4 request but needs to forward it as IPv6, so it uses 2001:9:9:12::3 as its source address.

A quick look at policy and zones

securityzones_1

Destination NAT – first in the flow processing

destination_nat2

Source NAT

source-nat_3

NAT translation hits

nat_translations_4

A look at the security flow session output

output_5

Regards

Rakesh M

Quick Scenario -3 – BGP Local-AS

Hi,

The third post in the quick series is about BGP local-as.

BGP Local-AS

“The local-AS feature allows a router to appear to be a member of a second autonomous system (AS), in addition to its real AS. This feature can only be used for true eBGP peers. You cannot use this feature for two peers that are members of different confederation sub-ASs.”

Requirement – R1 needs to peer with R2 using AS number 400, while all other routers peering with R2 should use AS number 200.

Capture

As we can see, R2 is acting as Local-as 400 for R1 and AS 2 for R3

finalscreenoutput

Regards

Rakesh

Quick Scenario -2 – BGP Communities – (no-advertise)

Hi,

The second post in the quick series is about the BGP community no-advertise.

Community – No-Advertise

“No-Advertise is similar to No-export. While no-export does not export routes to another AS, this goes further and will not export the route to either eBGP or iBGP neighbors.”

Requirement – Make sure R1 advertises its routes to R2, and R2 does not advertise those routes to either eBGP or iBGP neighbors.

Topology

Before configuring anything

before-community

On R1

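! Match the host route 1.1.1.1
access-list 99 permit host 1.1.1.1

! Tag the matched prefix with the well-known no-advertise community
route-map NO-ADV-COMM permit 10
 match ip address 99
 set community no-advertise

router bgp 100
 neighbor 9.9.12.2 route-map NO-ADV-COMM out
 ! IOS only sends communities to a neighbor that has send-community configured
 neighbor 9.9.12.2 send-community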

final

Regards

Rakesh

Quick Scenario -1 – BGP Communities – (no-export)

Hi,

This will be a series of posts in which I shall be posting some quick scenario labbings. Mostly I have designed these so that I can relate to some stuff which I do not often use; nevertheless, I will blog all small topics.

Community – No-export

“NO-EXPORT is commonly used within an AS to instruct routers not to export a prefix to eBGP neighbors. For instance, subnets of a larger block can be advertised to influence external AS best-path selection, and those not required for this traffic engineering purpose may be tagged NO-EXPORT to prevent them from being leaked to the Internet (and thus contributing to unnecessary global routing table growth). If a neighboring AS accepts this community, it can be used to selectively leak more specifics for traffic engineering but limit their propagation to just one AS.”

Requirement – R1 has its loopback advertised to R3 via BGP. Make sure the advertisement stays within the AS and does not go to a router in another AS, in this case R3.

no-export scenario

Before community addition – Routing Table of R3

pic1

As we can see below, the route is not seen on R3.

pic2.final
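
The difference between no-export (this post) and no-advertise (Quick Scenario -2), as an added Python example that is not part of the author's lab configuration: it models the outbound decision RFC 1997 defines for the two well-known communities. The AS numbers, peer names and function names are constructed for illustration, and confederations are not modelled.

```python
# Added example: RFC 1997 well-known community handling on outbound BGP updates.
WELL_KNOWN = {
    "no-export": 0xFFFFFF01,     # do not send outside the local AS
    "no-advertise": 0xFFFFFF02,  # do not send to any peer at all
}


def parse_community(text):
    """Convert 'no-export', 'no-advertise' or 'ASN:value' to its 32-bit value."""
    if text in WELL_KNOWN:
        return WELL_KNOWN[text]
    asn, _, value = text.partition(":")
    asn, value = int(asn), int(value)  # raises ValueError on malformed input
    if not (0 <= asn <= 0xFFFF and 0 <= value <= 0xFFFF):
        raise ValueError(f"community out of range: {text}")
    return (asn << 16) | value


def may_advertise(communities, local_as, peer_as):
    """Return True if a route carrying `communities` may be sent to the peer."""
    if WELL_KNOWN["no-advertise"] in communities:
        return False  # blocked towards iBGP and eBGP peers alike
    if WELL_KNOWN["no-export"] in communities and peer_as != local_as:
        return False  # blocked towards eBGP peers only
    return True


def receivers(communities, local_as, peers):
    """peers maps peer name -> AS number; returns the names that get the route."""
    comms = {parse_community(c) for c in communities}
    return sorted(name for name, asn in peers.items()
                  if may_advertise(comms, local_as, asn))


# Constructed lab values: the receiving router sits in AS 200 and has
# one eBGP neighbor (AS 300) and one iBGP neighbor (AS 200).
R2_PEERS = {"R3-ebgp": 300, "R4-ibgp": 200}

if __name__ == "__main__":
    for tags in ([], ["no-export"], ["no-advertise"], ["100:20", "no-export"]):
        print(tags, "->", receivers(tags, 200, R2_PEERS))
```

If the sending router does not actually transmit the community attribute, the receiver sees the untagged case and advertises the route to every peer.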

Regards

Rakesh M
