Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 28
- Page / 149
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
16 ServerIron ADX NAT64 Configuration Guide
53-1002444-02
Advanced stateful NAT64 configuration
2
DRAFT: BROCADE CONFIDENTIAL
Once this command is configured, the NAT64 gateway will automatically delete an existing sticky
session for a NAT64 pool if a connection request arrives from the same IPv6 client and the NAT64
pool IP address in the associated sticky session has run out of available source ports. The NAT64
gateway then selects a new IPv4 address from the configured NAT64 pool address range and
creates a new sticky session for the IPv6 client to NAT64 pool address.
Although existing sessions from the IPv6 client continue, all new connections will use the newly
created sticky session.
Disabling sticky behavior
By default, the stateful NAT64 gateway selects the same NAT64 pool IP address for a given IPv6
client and maintains this IPv6 client-to-NAT64 address mapping by means of a sticky session.
For as long as this sticky session exists, the same NAT64 pool IP address is selected for all
subsequent flows from the client. However, under certain heavy traffic conditions, the NAT64 pool
might run out of ports. In such an event, new connections from the same client are dropped by the
NAT64 gateway.
Use the nat64 disable-sticky command to disable sticky session behavior on the NAT64 gateway
and to ensure that a new IPv4 address is selected from the IPv4 NAT address pool whenever a
request comes from an IPv6 client.
ServerIron ADX(config)# nat64 disable-sticky
Syntax: [no] nat64 disable-sticky
Enabling connection logging
To enable connection logging for NAT64 traffic processed by the NAT64 gateway, enter the nat64
connection-log command.
ServerIron ADX(config)# nat64 connection-log
Syntax: [no] nat64 connection-log
Configuring HTTP client IP address insertion
When an IPv6 address is translated, the internal resource cannot see the client's original IPv6
address. In situations where an HTTP client's identity has to be maintained, the NAT64 gateway can
be configured to insert the client IP address as an HTTP header. The header will be inserted as the
last header in the HTTP request.
For example, to enable client IP insertion for HTTP traffic arriving on port 80, configure the nat64
http-client-ip-insertion port command as in the following example:
ServerIron ADX(config)# nat64 http-client-ip-insertion port 80
For example, where the original HTTP request is:
GET /abc/index.html HTTP 1/0\r\n
Host: foo.com\r\n
…
Connection: Keep-Alive\r\n
\r\n
After insertion, the HTTP request will be:
GET /abc/index.html HTTP 1/0\r\n
- ServerIron ADX 1
- Document History 2
- Contents 3
- About This Document 9
- Command syntax conventions 10
- Notice to the reader 11
- Related publications 11
- Getting technical help 11
- NAT64 and NAT46 Overview 13
- Stateless NAT46 translation 14
- Protocol support 15
- NAT64 fragmentation support 17
- References 18
- Stateful NAT64 Configuration 19
- Operation of stateful NAT64 20
- 53-1002444-02 23
- Enabling connection logging 28
- Displaying NAT64 information 31
- Displaying NAT64 translations 32
- Displaying NAT64 statistics 33
- Displaying NAT64 resources 37
- Stateless NAT64 Configuration 39
- Operation of stateless NAT64 40
- High availability for NAT64 52
- Clearing NAT64 information 53
- Stateless NAT46 Configuration 55
- Operation of stateless NAT46 56
- High availability for NAT46 67
- Displaying NAT46 information 68
- Clearing NAT46 information 69
- Access Control Lists 71
- Rule-based ACLs 72
- Default ACL action 74
- ACL IDs and entries 74
- Configuring rule-based ACLs 77
- Modifying rule-based ACLs 85
- Reordering ACLs 86
- Applying ACLs to interfaces 87
- Adding comments to named ACLs 89
- ACL logging 94
- Displaying ACL log entries 95
- Clearing the ACL statistics 97
- Throttling the fragment rate 98
- DRAFT: BROCADE CONFIDENTIAL 100
- Enabling strict TCP mode 101
- Enabling strict UDP mode 102
- ACLs and ICMP 103
- Numbered ACLs 104
- Named ACLs 105
- • Enable the strict TCP mode 107
- IPv6 Access Control Lists 109
- Configuration notes 110
- Processing of IPv6 ACLs 110
- Configuring IPv6 ACLs 111
- IPv6 ACL syntax 114
- Syntax Description 116
- Displaying IPv6 ACLs 118
- Logging IPv6 ACLs 119
- Network Address Translation 121
- Configuring NAT 122
- Configuring static NAT 123
- Configuring dynamic NAT 123
- Enabling IP NAT 124
- NAT configuration examples 125
- IP NAT with VIP overlap 129
- Translation timeouts 130
- Stateless static IP NAT 132
- IP NAT redundancy 133
- Displaying NAT information 144
- Displaying NAT translation 147
- Displaying VRRPE information 148
Related products and manuals for Network switches Brocade Communications Systems ServerIron ADX 12.4.00
(16 pages)
(82 pages)© 2020, manymanuals.com. All rights reserved. | 0.600 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals