Re: ipv6 - NAT-PT Advertising the NAT Prefix

From: Bob Sinclair (bsin@cox.net)
Date: Mon Apr 25 2005 - 17:16:23 GMT-3


Hi Simon,

I too am less than enthusiastic about method two! I suppose it is simply
another way to "Get R Done", in case the first is ruled out.

Bob Sinclair
CCIE #10427, CCSI 30427, CISSP
www.netmasterclass.net

  ----- Original Message -----
  From: simon hart
  To: Bob Sinclair ; ccie2be ; 'Group Study'
  Sent: Monday, April 25, 2005 2:00 PM
  Subject: RE: ipv6 - NAT-PT Advertising the NAT Prefix

  Bob,

  Not keen on the second method. Surely this would make a headache of
  troubleshooting, having multiple IPv6 addresses on an interface just for
  NAT-PT.
  Is there any reason you can see for adopting the second method as opposed
  to the first?

  Simon

  -----Original Message-----
  From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
  Bob Sinclair
  Sent: 25 April 2005 18:36
  To: ccie2be; 'Group Study'
  Subject: Re: ipv6 - NAT-PT Advertising the NAT Prefix

  Tim,

  I think you put your finger on an issue that bears a little more
  discussion: How do we advertise the nat prefix?

  I have seen two methods:

  1. Suppose our nat prefix is configured as follows: ipv6 nat prefix
  FEC0:0:0:C::/96. This will put the following route in the local table:

  R4#sh ipv6 route connected
  C FEC0:0:0:C::/96 [0/0]
       via ::, Null0

  We could then advertise this nat prefix by redistributing this connected
  route into a dynamic protocol.

  2. We could assign an address that is a subnet of the nat prefix to an
  interface, then advertise that subnet via an interface-level protocol
  command. The subnet would include the target V6 nat address. Suppose our
  virtual v6 address is FEC0:0:0:C:0:0:22:3/125. We could assign the address
  FEC0:0:0:C:0:0:22:4/125 to an interface and advertise the target subnet
  with, say, an IPV6 RIP interface command.

  If you have seen DOiT Lab 1 this second technique might look familiar!

  Bob Sinclair
  CCIE #10427, CCSI 30427, CISSP
  www.netmasterclass.net

    ----- Original Message -----
    From: ccie2be
    To: 'Bob Sinclair' ; 'Group Study'
    Sent: Monday, April 25, 2005 12:46 PM
    Subject: RE: ipv6 - NAT-PT

    Bob,

    I should also probably stay away from any clear non-water liquids.

    Thankfully, some people know to speak verrry slooooooowly when I get this
    way.

    Thanks

    -----Original Message-----
    From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
    Bob Sinclair
    Sent: Monday, April 25, 2005 11:48 AM
    To: ccie2be; 'Group Study'
    Subject: Re: ipv6 - NAT-PT

    Tim,

     I am sure this is a momentary lapse on your part! Please put any sharp
    objects out of reach before proceeding!

    Would you agree that, say, 172.16.10.0/24 is carved from (a subnet of)
    172.16.0.0/16?? Aren't subnets of longer mask length than their parents?

    Re advertising the nat prefix /96: RIPng or OSPF v3 should do the job
    nicely.

    HTH,

    Bob Sinclair
    CCIE #10427, CCSI 30427, CISSP
    www.netmasterclass.net

      ----- Original Message -----
      From: ccie2be
      To: 'Bob Sinclair' ; 'Group Study'
      Sent: Monday, April 25, 2005 11:43 AM
      Subject: RE: ipv6 - NAT-PT

      Hey Bob,

      Yes, I have that book and I checked to see if it shed any more light
      on these questions prior to my posting on GS.

      Unfortunately, that book didn't have any more info about this than
      what was in the Cisco doc.

      But, I fully agree with you about that Cisco Press book - a must read
      for all current ccie candidates.

      Getting back to this issue of the nat /96 prefix - how is a /96 prefix
      "carved" from a /64 bit address?

      I could understand how that would work in reverse, i.e. carving a /64
      prefix from a /96 prefix.

      And, also, if there's no requirement for the interface ipv6 address to
      be related to the nat prefix, how would that prefix be advertised?

      Thanks for getting back to me.

      Tim

        _____

      From: Bob Sinclair [mailto:bsin@cox.net]
      Sent: Monday, April 25, 2005 11:30 AM
      To: ccie2be; Group Study
      Subject: Re: ipv6 - NAT-PT

      Hi Tim,

      Per my experience, the ipv6 nat prefix does not necessarily match any
      portion of the interface addresses. I suspect the example assumes one
      would carve one's /96 nat prefix from one's assigned /64 space. You are
      certainly on the right track re the necessity to advertise the /96 nat
      prefix to other routers. Have you seen the Regis Desmeules IPV6 book
      from Cisco Press? Definitely a must have, IMHO.

      HTH,

      Bob Sinclair
      CCIE #10427, CCSI 30427, CISSP
      www.netmasterclass.net
      ----- Original Message -----
      From: ccie2be <mailto:ccie2be@nyc.rr.com>
      To: Group Study <mailto:ccielab@groupstudy.com>
      Sent: Monday, April 25, 2005 10:55 AM
      Subject: ipv6 - NAT-PT

      Hi guys,

      I've been going over the Cisco docs on this

      http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipv6_c/sa_natpt.htm

      and it seems to me there are a lot of conceptual blanks that need to be
      filled in.

      I'm hoping with the help of GS to be able to fill in those blanks.

      If you look at page 338 from the above link, you'll see that a portion
      of the ipv6 address assigned to the interface matches the ipv6 nat
      prefix defined in step 3.

      My guess is that is required but the doc doesn't say so. Is that
      required? Also, notice that only the first 8 hex digits of the ipv6
      address match the ipv6 nat prefix.

      Why only the first 8 hex digits?

      Also, I assume that some IGP must be used to advertise the ipv6 nat
      prefix although none of the examples show this. My reasoning is this:
      If the other ipv6 routers don't know where the nat-pt router is, they
      can't send packets to it. I also assume that the reason the interface
      has an ipv6 address that partially matches the ipv6 nat prefix is so
      that when an IGP is configured on that interface, then the other ipv6
      routers will know how to reach the nat-pt router.

      Is that assumption correct?

      I'm doing my best to try to fill in the blanks but I'm completely
      guessing about all these things.

      Can someone explain what's really going on with this and if I'm on the
      right track?

      TIA, Tim

      _______________________________________________________________________
      Subscription information may be found at:
      http://www.groupstudy.com/list/CCIELab.html




This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:55:08 GMT-3
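
Added example, not part of the original thread: a Python check of the prefix relationships discussed above, and of what a neighbouring router can reach under each advertisement method. The /64 `ASSIGNED_64` and the second target built from 172.16.10.1 are assumptions constructed for illustration; the other addresses are the ones quoted in the thread.

```python
import ipaddress

# Values quoted in the thread.
NAT_PREFIX = ipaddress.ip_network("FEC0:0:0:C::/96")
VIRTUAL_V6 = ipaddress.ip_address("FEC0:0:0:C:0:0:22:3")
IFACE = ipaddress.ip_interface("FEC0:0:0:C:0:0:22:4/125")
# Assumption: the assigned /64 that the /96 NAT prefix is carved from.
ASSIGNED_64 = ipaddress.ip_network("FEC0:0:0:C::/64")


def embed_v4(prefix, v4):
    """NAT-PT mapping: the IPv4 address fills the low 32 bits of the /96."""
    if prefix.prefixlen != 96:
        raise ValueError("NAT-PT prefix must be a /96")
    low = int(ipaddress.IPv4Address(v4))
    return ipaddress.ip_address(int(prefix.network_address) | low)


def lookup(table, dest):
    """Longest-prefix match; returns the winning route, or None if unroutable."""
    hits = [net for net in table if dest in net]
    return max(hits, key=lambda n: n.prefixlen, default=None)


# What a neighbouring IPv6 router learns under each method.
METHOD_1 = [NAT_PREFIX]     # connected /96 (Null0) redistributed into the IGP
METHOD_2 = [IFACE.network]  # /125 advertised by the interface-level command

# Constructed second NAT-PT target, outside the /125 used in method two.
OTHER_TARGET = embed_v4(NAT_PREFIX, "172.16.10.1")

if __name__ == "__main__":
    # A longer mask is a subnet of a shorter one: the /96 sits inside the /64.
    print("/96 inside /64:", NAT_PREFIX.subnet_of(ASSIGNED_64))
    print("/125 inside /96:", IFACE.network.subnet_of(NAT_PREFIX))
    for name, table in (("method 1", METHOD_1), ("method 2", METHOD_2)):
        for dest in (VIRTUAL_V6, OTHER_TARGET):
            print(name, dest, "->", lookup(table, dest))
```

Under method two only the eight addresses of the /125 are routable from the neighbour, so every additional NAT-PT target outside it needs its own covering subnet; the redistributed /96 covers all of them.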