DS-Lite NAT

This section describes the processing procedure of the DS-Lite NAT.

When a private IPv4 network user attempts to traverse the IPv6 network to access the IPv4 Internet, an IPv4 over IPv6 tunnel needs to be established on the CPE and CGN devices to transmit private IPv4 packets across the IPv6 network, and DS-Lite NAT needs to be deployed on the CGN device to translate a private IPv4 address to a public address, enabling access to the IPv4 Internet. Figure 1 shows the detailed processing procedure.

Figure 1 Procedure of a private IPv4 network user traversing the IPv6 network to access the IPv4 Internet

1. When a private IPv4 network user attempts to access the IPv4 Internet, the user first sends an IPv4 packet to the CPE (gateway device).
2. With the DS-Lite feature enabled, the CPE encapsulates the received private IPv4 packet into an IPv4 over IPv6 packet and sends it to the CGN over an IPv6 network.

3. The CGN decapsulates the packet and checks the NAT policy for IPv4 Internet access. If 3-tuple NAT is used, the CGN creates a source and destination server map table and records the CPE IP and Tunnel ID in the server map table. In addition, the CGN creates a session table and records information, such as the outbound interface, CPE IP, and Tunnel ID in the table for encapsulating packets returned from the IPv4 Internet.

   

   The CPE IP field is introduced to address overlapping private network addresses. If two users connected to different CPEs use the same private network address, the CGN identifies the users based on the CPE IP (the IPv6 address of the CPE connected to the IPv6 network, namely, the source address used by the CPE to establish a tunnel).

4. After the CGN receives a packet from the Internet, the CGN identifies the outbound interface of the route to the CPE based on the CPE IP in the session table and then performs IPv4 over IPv6 encapsulation. If the packet is the first packet and matches the destination server map 3-tuple, the packet is routed to the outbound interface of the route to the CPE based on the CPE IP in the server map and is encapsulated into IPv4 over IPv6 packets on the interface.
5. During IPv4 over IPv6 encapsulation, CPE IP recorded in the session table is used as the destination IP address of the tunnel, the Source IP recorded on the tunnel interface is used as the source IP address, and an IPv6 route is found based on the CPE IP. Then, the actual outbound interface is located, through which the encapsulated packets are sent to the CPE.
6. The CPE decapsulates the received IPv4 over IPv6 packets and sends them to private IPv4 network users.