Introduction
www.huawei.com
Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page1
Objective
⚫ Upon completion of this course, you will be able to:
Contents
1. Overview of CGN
Terms related to CGN
NAT
DS+NAT44(4) solution
DS-lite solution
Terms Related to CGN
⚫ CGN---Carrier Grade NAT
⚫ DS---Dual-stack
NAT—Basic NAT Address Translation
⚫ Basic NAT is also called NO-PAT mode, in which only the IP address is translated. Each private IP address is mapped to its own public IP address, so this mode does not save public network addresses.

Direction    Before NAT     After NAT
Outbound     192.168.1.3    20.1.1.1

[Figure: addresses 192.168.1.1 (intranet side) and 20.1.1.1 (Internet side); hosts 192.168.1.3 (intranet) and 1.1.1.2 (Internet). Packet on the intranet side: Src: 1.1.1.2, Dst: 192.168.1.3. Packet on the Internet side: Src: 1.1.1.2, Dst: 20.1.1.1.]
NAT— NAPT Address Translation
⚫ In NAPT mode, both the private IP address and port number are translated into a public
IP address and port number. Source addresses of packets coming from different private
addresses can be mapped to the same public address, but the port numbers of these
packets are translated into different port numbers under this address. Therefore, these
packets can share the same address.

Direction    Before NAT          After NAT
Outbound     192.168.1.2:1111    20.1.1.1:1001
Outbound     192.168.1.2:2222    20.1.1.1:1002
Outbound     192.168.1.3:1111    20.1.1.1:1003

[Figure: addresses 192.168.1.1 (intranet side) and 20.1.1.1 (Internet side); labels Host B and 192.168.1.3 (intranet), 1.1.1.2 (Internet). Packet 3 has Src: 192.168.1.3:1111 on the intranet side and Src: 20.1.1.1:1003 on the Internet side.]
DS+NAT44(4)
[Figure: DS+NAT44(4) topology across the Terminal, Access, Metro, Core and Servers layers. Labels: TV, PC, Phone, CPE, LSW, OLT, BRAS, CGN, PE, P, CR, IPv4/IPv6 Dual-Stack, IPv4, IPv6.]
CPE Route Mode (DS+NAT444): Private IPv4 -> NAT44 -> Private IPv4 -> NAT44 -> Public IPv4, plus IPv6
CPE Bridge Mode (DS+NAT44): Private IPv4 -> NAT44 -> Public IPv4, plus IPv6
DS-lite
[Figure: DS-lite topology across the Terminal, Access, Metro, Core and Servers layers. Labels: TV, PC, Phone, CPE, Dual stack, DSLAM, OLT, BRAS, CGN, IPv6-Only, PE, P, CR, IPv4, IPv6.]
CPE route mode (DS-Lite+NAT+PPPoE): Private IPv4 -> 4in6 Tunnel -> NAT44 -> Public IPv4, plus IPv6
⚫ For access requests sent from IPv4 users, the CPE sets up a 4in6 tunnel with
the CGN. A user obtains the private IPv4 address from the CPE. The CGN
translates the private IPv4 address into a public IPv4 address, which is used to
access the IPv4 Internet.
⚫ In the DS-lite solution, the CGN sets up 4in6 tunnels and implements NAT
Factors Affecting CGN Deployment
2. Impacts on services
• User management
• User tracing
• Intelligent network services
• Lawful interception
3. CAPEX
• Equipment cost
• Engineering delivery costs and risks
4. OPEX
• O&M interface
• Troubleshooting
• Equipment upgrade
Self-Test Questions
1. Functions of the CGN in the mainstream IPv6 transition solutions
(including DS+NAT444 and DS-lite) are ( )
Contents
2. Introduction to CGN networking solution
Classification of CGN forms
Classification of CGN Forms–Stand-alone CGN
⚫ A stand-alone CGN can be mounted beside or directly to other network devices.
[Figure: stand-alone CGN placements relative to the CR, PE and BRAS. Panel labels: "Directly mounted between the CR and the PE" and "Directly mounted between the CR and the BRAS".]
Classification of CGN Forms–Integrated CGN
The mode in which the CGN board is installed on a BRAS is applicable to the scenario where users are centralized. This mode allows lean user management and facilitates real-time tracing.
System Architecture of the Integrated CGN
[Figure: VSUI-20-A (CGN) service board]
⚫ The integrated CGN is implemented by the VSUI series board, which is a multi-
core service board. This board is a centralized board that does not provide any
outbound interface.
⚫ Service flow: The interface board routes the traffic to the service board. The
service board completes the CGN function and then sends the traffic to the
interface board. The interface board sends the traffic out of the system.
Comparison of CGN Forms
Compared forms: Stand-alone CGN; Integrated CGN (integrated with a CR); Integrated CGN (integrated with an SR/BRAS)

Feasibility of deployment
  Stand-alone CGN: Occupies a forwarding port.
  Integrated with a CR: Occupies a forwarding slot.
  Integrated with an SR/BRAS: Occupies a forwarding slot.

External interfaces
  Stand-alone CGN: Uses a stand-alone subrack. The number of interfaces is limited.
  Integrated with a CR: Shares a subrack with other boards. The number of interfaces is not limited.
  Integrated with an SR/BRAS: Shares a subrack with other boards. The number of interfaces is not limited.

Cost
  Stand-alone CGN: The cost is high. A device must be added.
  Integrated with a CR: The cost is low. Only a board needs to be added.
  Integrated with an SR/BRAS: The cost is low. Only a board needs to be added.

Tracing capability
  Stand-alone CGN: Does not participate in user authentication. Cannot detect users. The tracing capability is poor. Does not support online tracing.
  Integrated with a CR: Does not participate in user authentication. Cannot detect users. The tracing capability is poor. Does not support online tracing.
  Integrated with an SR/BRAS: Participates in user authentication. Can detect users. The tracing capability is good. Supports online tracing.

Reliability
  Stand-alone CGN: Connected to dual hosts in side mounting mode. The reliability is high, but functions are not rich, and the cooperation with the network is poor.
  Integrated with a CR: Supports the two-board configuration.
  Integrated with an SR/BRAS: Supports the two-board configuration. Is integrated with network services. Supports various protection modes of the network. The reliability is high.

Service capability and user management
  Stand-alone CGN: Does not provide the service capability. Cannot detect users.
  Integrated with a CR: Does not provide the service capability. Cannot detect users.
  Integrated with an SR/BRAS: Provides functions to maintain accessed users. Has strong control capability.
CGN Networking Solutions—Centralized Mode
Deployment of the CGN in centralized mode
⚫ Deployment position: deployed at the egress of the MAN
⚫ Long-term trend: With flattening of the network and the increase in IPv4 traffic, the position of the CGN will gradually be moved downwards.
[Figure labels: DSLAM, OLT, L2]
CGN Networking Solutions—Reliability
Centralized mode: The fault affects users served by all BRASs connected to the CR.
Trouble
No dual-device backup: The BRAS cannot detect faults on the CGN. If faults on the CGN are not rectified, users will be always in online state but cannot access the Internet normally.
Dual-host backup: The active/standby backup is often implemented using the cold backup mode. The fault-triggered switching time is determined by the route convergence time and the backup time of a large number of NAT sessions.
[Figure labels: Metro, CR, BRAS, PPP, Centralized mode, Distributed mode]
CGN Networking Solutions—Equipment Cost (1/3)
[Figure labels: Centralized mode, Uplink LPU, SFU]
CGN Networking Solutions—Equipment Cost (2/3)
⚫ When the CGN is deployed in centralized mode, the traffic model is as follows:
User data is routed to the CR on the MAN through the BRAS service board. The CR redirects the user packet to the CGN device based on the routing policy. The CGN device processes the packet and sends it to the CR. Traffic from the Internet to users follows the reverse of the outbound traffic model.
⚫ Cost: A CGN device is added to the existing traffic model. A pair of interfaces must be added respectively on the CR and the CGN device for interworking between them.
[Figure: centralized mode; CGN, CR and BRAS, each shown with uplink LPU, downlink LPU and SFU]
CGN Networking Solutions—Equipment Cost (3/3)
⚫ Cost calculation:
⚫ Preset conditions:
10G Port, processing capability of the CGN board
Cost of equipment bit: CGN per Port cost=1; CR per Port cost=1.5; CGN per Board cost=3
Deployment in every area
Centralized mode: 1×20+1.5×20+3×5 = 59
[Chart: Bit Cost of Centralized mode deployment and Distributed mode deployment]
CGN Networking Solutions—Engineering Delivery Costs and Risks
Compared deployments: Distributed Deployment of the CGN Installed on the BRAS; Centralized Deployment of the CGN Mounted Beside the CR

Network planning
  Distributed (CGN installed on the BRAS): Public IP addresses are managed on the BRAS.
  Centralized (CGN mounted beside the CR): Public IP addresses are managed on the CR and the NAT device. Public IP addresses used by all BRASs connected to the CR must be consistently planned.

Equipment procurement, installation, and upgrade
  Distributed (CGN installed on the BRAS): The CGN board must be purchased and installed on the BRAS. The BRAS must be upgraded to support the CGN feature.
  Centralized (CGN mounted beside the CR): The CR interface board and the NAT device and server must be purchased. The NAT device and log server must be installed. The CE must be connected to the NAT device.

Network element configuration
  Distributed (CGN installed on the BRAS): The configuration on BRAS must be modified to support CGN users.
  Centralized (CGN mounted beside the CR): Data used for interworking between the NAT device and the CR must be configured. In addition, the NAT device must be configured.
CGN Networking Solutions—Network O&M Cost Analysis
⚫ O&M interface:
Generally, the O&M interface between the provincial company and the city companies of a carrier is located between the BRAS and the CR. The BRAS and devices under the BRAS are managed by city companies, whereas the CR and devices above the CR are managed by the provincial company. If tunnels are faulty when the DS-lite centralized deployment mode is used, the O&M personnel of both the provincial company and the city companies must cooperate with each other to rectify the faults. This increases the coordination costs.
[Figure: DS-Lite tunnel; labels: B4, Tunnel, BRAS, CR, AFTR, IPv4+IPv6, Company in each city, Provincial company]
⚫ Fault location:
Distributed networking: 1->N fault location
Locate the fault by checking the BRAS and devices under the BRAS. With gradual deployment of the CGN and BRAS, the O&M process is a 1->N process.
Comparison of CGN Networking Solutions (1/2)
Compared solutions: Centralized Deployment of the CGN (CGN Mounted Beside a CR; CGN Board Installed on a CR); Distributed Deployment of the CGN (CGN Integrated with a BRAS or an SR)

Total cost
  Centralized deployment (both forms): The investment at the early stage is low. It is easy to deploy new devices in a centralized manner. The private network routes of users must be advertised on the MAN. Private address planning and the solution for isolating the public network routes from private network routes are complex.
  Distributed deployment: The cost is high when users are scattered and low when users are centralized. CGN needs to be deployed at multiple points and cannot be controlled in a centralized manner. The installation and subsequent O&M workload is heavy.

User management
  Centralized deployment (both forms): The CGN deployment position is high on the network. The CGN cannot obtain the user information. Therefore, it is difficult to implement user policy control and user tracing. It is difficult to implement application level gateway (ALG) control on the NAT located at the core. This seriously prevents deployment of new applications. The log server must be deployed to record logs and implement tracing. This increases the investment and O&M difficulty.
  Distributed deployment: The CGN is integrated with the BRAS. The Radius server reports the user log to implement user tracing. The solution is simple and facilitates user-based lean policy control and real-time and accurate tracing.

Reliability
  CGN mounted beside a CR: The CGN devices need to maintain a large number of sessions. Therefore, a single-point failure affects a large number of users. Reliability requirements are high and the networking is complex.
  CGN board installed on a CR: The CGN devices need to maintain a large number of sessions. Therefore, a single-point failure affects a large number of users. CRs must be upgraded. The CGN faults affect CRs, introducing high risks. Reliability requirements are high.
  Distributed deployment: The traffic model is not changed. The forwarding efficiency is high and performance requirements are low.
⚫ This solution is suitable for direct deployment of CGNs in areas where users are centralized. The tracing solution is simple, which facilitates user-based lean policy control.
⚫ The traffic model is not changed. The forwarding efficiency is high and
CGNs in areas where users are scattered.
⚫ The CGN deployment position is high on the network. The CGN cannot obtain the user
implement user policy control and user tracing.
⚫ Traffic within a city is transferred to CRs and CGN devices for processing. This increases the traffic volume on CRs and the CGN is
Self-Test Questions
2. Mainstream CGN deployment solutions include ( )
A. Distributed deployment of CGN that is integrated with the BRAS/SR
Contents
3. Introduction to CGN NAT and NAT traversal
Introduction to CGN NAT
NAT Traversal
Introduction to CGN NAT—Full-Cone
⚫ Full-cone: Full-cone NAT is also called triplet NAT. In this mode, the device does not take the peer address and port into account during translation. It distributes addresses and filters packets by creating triplet entries (source address, source port number, and protocol type). Full-cone NAT weakens security, but supports a wider range of NAT traversal applications.
Introduction to CGN NAT—Symmetrical Mode
⚫ Symmetrical NAT is also called quintuple NAT. In quintuple NAT, if the destination IP addresses and port numbers of packets are different but the source IP addresses and port numbers are the same, the NAT device translates the source IP addresses and port numbers into different external network IP addresses and port numbers.
[Figure: host 10.1.1.200 sends 10.1.1.200:100 -> 121.12.124.20:80, which the NAT device translates to 152.100.1.21:10240 -> 121.12.124.20:80. The reply 152.100.1.21:10240 <- 121.12.124.20:80 from host 121.12.124.20 is translated to 10.1.1.200:100 <- 121.12.124.20:80. A second inbound flow, 152.100.1.21:10240 <- 131.15.124.22:80, is shown from host 131.15.124.22.]
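The difference between the triplet (full-cone) and quintuple (symmetrical) entries described above can be seen in a small model. This is an added example, not code from the course or from any Huawei product; the class `NatTable`, the function `run_mode` and the port numbering are assumptions, and the addresses are the ones used in the symmetrical-mode figure.

```python
# Added illustration: a toy NAT table keyed either by the triplet
# (protocol, source address, source port) or by the quintuple
# (triplet plus destination address and port).

HOST = ("10.1.1.200", 100)          # private host from the figure
SERVER_A = ("121.12.124.20", 80)    # peer the host really contacts
SERVER_B = ("131.15.124.22", 80)    # second peer from the figure


class NatTable:
    def __init__(self, public_ip, mode, first_port=10240):
        if mode not in ("full-cone", "symmetric"):
            raise ValueError(f"unknown NAT mode: {mode}")
        self.public_ip = public_ip
        self.mode = mode
        self.next_port = first_port   # simple sequential port allocation (assumption)
        self.out = {}                 # session key -> external (ip, port)
        self.back = {}                # reverse key -> private (ip, port)

    def _out_key(self, proto, src, dst):
        # Full-cone ignores the destination; symmetric includes it.
        return (proto, src) if self.mode == "full-cone" else (proto, src, dst)

    def _back_key(self, proto, ext, peer):
        # Inbound filtering uses the same rule as the outbound key.
        return (proto, ext) if self.mode == "full-cone" else (proto, ext, peer)

    def outbound(self, proto, src, dst):
        """Translate an outbound packet and return the external (ip, port)."""
        key = self._out_key(proto, src, dst)
        if key not in self.out:
            ext = (self.public_ip, self.next_port)
            self.next_port += 1
            self.out[key] = ext
            self.back[self._back_key(proto, ext, dst)] = src
        return self.out[key]

    def inbound(self, proto, peer, ext):
        """Return the private endpoint for an inbound packet, or None if it is dropped."""
        return self.back.get(self._back_key(proto, ext, peer))


def run_mode(mode):
    """Replay the figure's flows and report what the NAT does in the given mode."""
    nat = NatTable("152.100.1.21", mode)
    ext_a = nat.outbound("tcp", HOST, SERVER_A)
    # SERVER_B has never been contacted; it sends to the mapping opened for SERVER_A.
    unsolicited = nat.inbound("tcp", SERVER_B, ext_a)
    reply = nat.inbound("tcp", SERVER_A, ext_a)
    ext_b = nat.outbound("tcp", HOST, SERVER_B)
    return {"ext_a": ext_a, "ext_b": ext_b, "reply": reply, "unsolicited": unsolicited}


if __name__ == "__main__":
    for mode in ("full-cone", "symmetric"):
        print(mode, run_mode(mode))
```

In full-cone mode the packet from the uncontacted peer reaches the private host, which is the filtering relaxation behind the "reduces the security performance" remark; in symmetrical mode it is dropped and the second destination gets its own external port.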
NAT Traversal—Overview(1/2)
⚫ Why is NAT traversal required?
With wide application of NAT, application layer protocols that use the IP address and port number as
communication IDs cannot run properly.
Applications, such as instant messaging (session and control messages), SIP (RTP/RTCP), and online
payment, require that session connections of the same host use the same source IP address. If the
same host originates sessions that contain the same IP address and port number, the NAT results
may be different due to the dynamic address translation of the standard NAT.
The standard NAT is implemented by changing the address information in the IP packet header or
UDP/TCP port number. The payload of some application layer protocols, however, contains the IP
address and port number. Consequently, some packets may be judged as invalid and therefore
discarded.
Assume that external networks need to use services provided by servers on an internal network. If a
standard NAT solution is used, when a packet coming from an external network arrives at the CGN,
NAT mapping may fail and the packet may be lost because the related triplet or quintuple entry is
not created.
NAT Traversal—Overview(2/2)
⚫ NAT traversal technologies
ALG
◼ Application scenario: ALG translation of frequently-used protocols
Full-cone mode
◼ It is also called triplet NAT. In this mode, the device does not take the peer address and port into account during translation. It distributes addresses and filters packets by creating triplet entries (source address, source port number, and protocol type). Full-cone NAT weakens security, but supports a wider range of NAT traversal applications. Application scenario: P2P services
NAT Traversal—NAT ALG
[Figure: the client and the FTPS server set up the control connection. Label: "Set the control connection with 202.10.1.2".]
NAT Traversal—Full-Cone Mode
⚫ The full-cone mode is applicable to P2P services.
Triplet-based filtering that does not involve the destination IP address and port number:
Protocol
Source IP address: 192.168.1.2: 2
Destination IP address: *: *
[Figure: User 1 (behind BRAS and CGN 1) and User 2 (behind BRAS and CGN2) on the access network each perform "1. Registration" with the P2P service server 202.38.162.2, followed by "2. Communication".]
CGN-Independent NAT Traversal–STUN
⚫ The application communicates with the well-known server located on the public network to obtain the NAT type and NAT external network address and port number.
[Figure: User 1 (behind BRAS and CGN 1) and User 2 (behind BRAS and CGN2) on the access network; private network and public network; rendezvous server 202.38.162.2. Request: "My public address and port?" Response: "The public address and port are 245.49.1.2: -…". Public Address POOL: 245.49.1.2...]
Self-Test Questions
3. Which of the following modes are supported by the CGN to
implement NAT traversal? ( )
A. Full-cone mode
B. Symmetrical mode
C. NAT ALG
D. STUN
Contents
4. Introduction to the CGN port allocation solution
Session-based port allocation
Traditional Session-based Port Allocation
Port Range Pre-allocation
[Figure: PC and CPE2 (Private IPv4 10.112.1.10), BRAS, CGN, CR, Internet. Port range table:]

Private IPv4    Public IPv4    Start port 1    End port 1    …
10.112.1.2      245.49.1.2     3001            4024          …
Comparison of Port Allocation Solutions
⚫ Session-based port allocation and port range pre-allocation can both resolve the
port allocation problems.
The log information does not need to be recorded based on each session. This greatly reduces the
massive log information generated on the CGN and effectively reduces the system load.
The solution prevents a few users from over-consuming the address and port resources. The same public
address and port range are allocated for data streams that come from the same user or source IP address.
Owing to the product limitations, the port range can only be set to 256, 512, 1024, 2048, or 4096.
Contents
5. Introduction to CGN user tracing solutions
Overview of User Tracing Solutions
Overview of User Tracing Solutions
⚫ Why is user tracing required?
User tracing is implemented to meet the national security monitoring requirement. For example,
when a person releases a post that contains reactionary contents on a network, the network
records the release time, user information, and the contents of the post. The user information
consists of <public IPv4 address of the user, public port number of the user>. The national security
organization can locate the user based on the time and public IPv4 address. For example, the
Radius server records the online and offline time and allocated public IPv4 addresses of all users.
Offline user tracing: It is a user tracing mode after users get offline. Users are traced based on the
log on the syslog server.
Dynamic User Tracing Solution(1/2)
⚫ Principle of dynamic user tracing:
The dynamic user tracing is applicable to the scenario where the CGN boards are installed on a BRAS and the BRAS generates the user
address mapping and reports it to the AAA server.
The BRAS selects the public address and port for user addresses and creates the user address mapping, to ensure that the BRAS can select
different combinations of addresses and ports for different user addresses.
The BRAS reports information such as the address and port range corresponding to the user address in the accounting-Request message by
using extended Radius attributes.
The AAA server obtains information such as the user address, public IP address, and port range, and maintains the mapping with user
information.
[Figure: BRASs integrated with the CGN]
Dynamic User Tracing Solution(2/2)
[Figure: PC, HG, DSLAM/MxU/OLT, BRAS integrated with the CGN, Internet, AAA server]
User tracing:
1 Query the user information based on the public IP address and port number.
2 Return the user information.
7 Query the user information and address mapping table based on the public IP addresses, port numbers, and time period to obtain user names, and directly locate the user.
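The port range pre-allocation and dynamic user tracing slides describe one mechanism from two sides: a port block is bound to a user at login, and the recorded block is later searched by public address, port and time. The following is an added example, not code from the course or from any Huawei product; the class `PortBlockCgn`, its methods, the user names and the timestamps are constructed, while the addresses and the 3001 to 4024 range come from the port range table above.

```python
# Added illustration: port range pre-allocation with an AAA-style mapping
# history, and the lookup a tracing query performs against that history.
from datetime import datetime

ALLOWED_BLOCK_SIZES = (256, 512, 1024, 2048, 4096)  # sizes listed on the page


class PortBlockCgn:
    def __init__(self, public_ips, block_size=1024, first_port=3001):
        if block_size not in ALLOWED_BLOCK_SIZES:
            raise ValueError(f"unsupported port range size: {block_size}")
        self.block_size = block_size
        # Every (public ip, start port) block that fits below port 65536.
        self.free = [(ip, start)
                     for ip in public_ips
                     for start in range(first_port, 65536 - block_size + 1, block_size)]
        self.online = {}    # private ip -> open mapping record
        self.history = []   # one record per login, as reported to the AAA server

    def login(self, user, private_ip, when):
        """Bind one port block to the user; a single record covers all sessions."""
        if private_ip in self.online:
            raise ValueError(f"{private_ip} is already online")
        if not self.free:
            raise RuntimeError("public port blocks exhausted")
        public_ip, start = self.free.pop(0)
        record = {"user": user, "private_ip": private_ip, "public_ip": public_ip,
                  "start_port": start, "end_port": start + self.block_size - 1,
                  "online": when, "offline": None}
        self.online[private_ip] = record
        self.history.append(record)
        return record

    def logout(self, private_ip, when):
        """Close the record and return the block to the front of the free list."""
        record = self.online.pop(private_ip)
        record["offline"] = when
        self.free.insert(0, (record["public_ip"], record["start_port"]))
        return record

    def trace(self, public_ip, port, when):
        """Return the user who held (public_ip, port) at time `when`, or None."""
        for rec in self.history:
            in_block = (rec["public_ip"] == public_ip
                        and rec["start_port"] <= port <= rec["end_port"])
            in_time = rec["online"] <= when and (rec["offline"] is None
                                                 or when <= rec["offline"])
            if in_block and in_time:
                return rec["user"]
        return None


def demo():
    """Constructed scenario: the same block is reused by a second user."""
    def at(hour, minute):
        return datetime(2011, 1, 1, hour, minute)   # constructed timestamps

    cgn = PortBlockCgn(["245.49.1.2"])
    first = cgn.login("user-a", "10.112.1.2", at(9, 0))
    cgn.logout("10.112.1.2", at(10, 0))
    second = cgn.login("user-b", "10.112.1.10", at(11, 0))
    return {
        "first_block": (first["public_ip"], first["start_port"], first["end_port"]),
        "second_block": (second["public_ip"], second["start_port"], second["end_port"]),
        "at_0930": cgn.trace("245.49.1.2", 3500, at(9, 30)),
        "at_1030": cgn.trace("245.49.1.2", 3500, at(10, 30)),
        "at_1130": cgn.trace("245.49.1.2", 3500, at(11, 30)),
        "unallocated_port": cgn.trace("245.49.1.2", 5000, at(11, 30)),
    }


if __name__ == "__main__":
    print(demo())
```

Because the block is reused, the same public address and port resolve to different users at 09:30 and 11:30 and to nobody at 10:30, which is why the tracing query needs the time period in addition to the address and port.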
Offline User Tracing Solution(1/2)
⚫ Principle of offline user tracing:
When users are offline, security organizations query the log server and AAA server to obtain the user
information.
Offline user tracing is applicable to all the CGN deployment modes, for example, the CGN integrated with
the CR or BRAS or stand-alone CGN.
Generally, the log server stores user logs that are generated in three to six months.
Offline User Tracing Solution(2/2)
[Figure: PC, HG, DSLAM/MxU/OLT, BRAS, CGN, Internet, Log server, AAA server]
Self-Test Questions
4. To which of the following CGN networking modes is dynamic user tracing applicable? ( )
A. Distributed deployment of CGN that is integrated with the BRAS/SR
Contents
6. Configuration example for the typical CGN application scenarios
CGN Integrated with BRAS to Support Internet Access of Users in NAT444+PPPoE Mode
CGN Integrated with BRAS to Support Internet Access of Users in NAT444+PPPoE Mode
[Figure: PC1, PC2, CPE, Access network, BRAS, CGN, GE6/0/0, ISP Core; servers: Syslog Server, Radius Server, DHCP Server, Web Server]
Configuration Procedure
5 Advertise routes
Configure NAT Instance(1/3)
# Allocate the license resource to service boards.
# Set the port range and allocate a port segment to each private IP address. (Optional)
# Add service boards to the configured NAT instance. You can add two service boards that work in active/standby mode to an instance.
# Configure the NAT address pool. The public IP addresses required for address translation are selected from the address segments configured in the address pool.
# Configure the addresses in the address pool that are used for address translation.
Configure NAT Instance(2/3)
# Enable the session limitation function to improve the security. (Optional)
# Adjust the number of limited sessions. (Optional and configured based on the network model)
# Configure a server that receives the NAT log. (This configuration is required when the syslog-based user tracing is enabled. The address and port information are configured based on the actual situation.)
# By default, the NAT log is in Huawei format. When Huawei devices interwork with China Telecom servers, the NAT log format must be changed to the China Telecom format.
Configure NAT Instance(3/3)
# Configure the NAT ALG functions as required.
Configure Domain Binding NAT
#Configure the user group used for Internet access.
[ME60] user-group 1
# Switch to the user access domain and bind the user group with the NAT instance.
Configure the traffic policy
#Configure the user control list (UCL) and match the user group.
#Configure the traffic policy and bind the behavior in the system view.
#Apply the traffic policy in the global configuration view. Only one traffic policy can be sent in one direction.
Advertise Routes
# Directly import the user network routes (UNRs) in the routing protocol configuration so that all NAT addresses are advertised as 32-bit host routes. When a user gets online and NAT is performed, a route policy must be configured to filter out the private IP route of the user when UNR routes are advertised.
[ME60]ip ip-prefix nat index 10 permit 112.112.10.1 24
[ME60]ospf 1
# Configure the destination route segment of static routes as the address segment in the address pool and direct the route to NULL0. In the routing protocol, import static routes for advertisement. (Recommended)
[ME60]ip route-static 112.112.10.0 255.255.255.0 NULL 0
[ME60]ospf 1
[ME60-ospf-1]import-route static
Check the Configuration
#Check online users information
CGN Integrated with BRAS to Support Internet Access of Users in DS-Lite+PPPoE Mode
[Figure: CPE (IPv4/IPv6), DS-LITE, BRAS (DS-LITE), Internet IPv6, Internet IPv4]
Configuration Procedure
1 Configure the user access part.
6 Advertise routes
Configure IPv6 Address Pool(1/2)
#Create a prefix with the IPv6 attribute set to local and configure the address prefix, which is used to allocate a WAN
interface address to a CPE.
[ME60-ipv6-prefix-1]prefix 4001:10::48
# Create a prefix with the IPv6 attribute set to delegation and configure the address prefix, which is used to allocate the
public IPv6 address to a PC.
# Create an address pool with the IPv6 attribute set to local. Configure the DNS server address and AFTR domain name. Bind
the prefixes with the address pools.
#Create an IPv6 delegation prefix address pool and bind the prefix with the address pool.
[ME60-ipv6-pool-2]prefix 2
Configure IPv6 Address Pool(2/2)
#Switch to the AAA server view and bind the IPv6 local prefix address pool with the
delegation prefix address pool.
[ME60]aaa
[ME60-aaa]domain domain1
[ME60-aaa-domain-domain1]ipv6-pool 1
[ME60-aaa-domain-domain1]ipv6-pool 2
#Set managed-address-flag and other-flag to 1 so that addresses and DNS server are allocated
in IA_NA mode.
Configure DS-lite Instance
#Allocate the license resource to service boards. Configurations in the system view are shared by NAT and DS-lite. Both use the
NAT key word.
# Configure the IPv6 address range of the remote CPEs that can be connected. You can configure multiple IPv6 addresses.
# Use the following command lines to configure the basic part of the DS-lite instance. The configuration is consistent with the
NAT instance configuration.
#The remaining configurations are optional and consistent with the NAT instance configurations.
[ME60] user-group 1
# Switch to the user access domain and bind the user group with the DS-lite instance.
Configure Traffic Policy
# Configure the UCL to match online users.
Route Advertisement
# Configure a static route whose destination segment is the address segment in the address pool and direct it to NULL0.
[ME60]ospf 1
[ME60-ospf-1]import-route static
[ME60]ospfv3 1
Check the Configuration(1/2)
#Check the 4to6 tunnel establishment
Slot: 2 Engine: 0
Slot: 2 Engine: 1
Slot: 2 Engine: 2
Slot: 2 Engine: 3
Check the Configuration(2/2)
#Check NAT information
This operation will take a few minutes. Press 'Ctrl+C' to break ...
Slot: 2 Engine: 0
udp: 10.10.10.198:34[112.112.10.27:2944]-->112.112.2.3:2342
DS-Lite Instance: 1
VPN:--->-
Nexthop:112.112.2.3
OutPort:0x7
Self-Test Questions
A. No
B. Yes
Summary
⚫ This course describes the mainstream CGN deployment solutions:
When adding CGN devices, carriers need to consider multiple factors such as costs and
impacts on services, and select an appropriate networking solution for their own networks.
The mainstream CGN network solutions include distributed deployment of CGNs integrated
with BRASs and centralized deployment of CGNs mounted beside CRs.
Major functions of the CGN include setup of 4in6 tunnels and NAT. During NAT444, users
under the CGN share the port resource. The port resource must be pre-allocated to
prevent a few users from over-consuming the port resource.
User tracing is a major concern of carriers. Deployment of new CGN devices increases
difficulty in user tracing. You need to learn how user tracing is implemented after CGN
devices are added.
CGNs must be added to deploy an IPv6 transition solution. You need to complete the basic
configurations related to the CGN when different IPv6 transition solutions are used.