DS-Lite NAT Server
This section describes the processing procedure of the DS-Lite NAT server.
When an IPv4 Internet user traverses the IPv6 network to access an intranet server, you need to configure the intranet server function for DS-Lite NAT, that is, the DS-Lite NAT server, on the CGN. The intranet server can then be accessed by external users. DS-Lite provides a mechanism to resolve overlapping private network addresses. To encapsulate packets sent from IPv4 Internet users to the intranet server, the CGN needs the source and destination IP addresses of the tunnel, so you need to know the CPE IP address and tunnel ID when configuring the DS-Lite NAT server. The CPE IP address is used to isolate the private network and as the destination IP address of the tunnel, while the tunnel ID is used as the source IP address. Internet users use the tunnel to access the intranet server. Figure 1 shows the detailed processing procedure.
Figure 1 Processing procedure in the case where Internet users access a private IPv4 server under a CPE
- After you configure the DS-Lite NAT server, the CGN device generates a server map table. When a packet from an IPv4 public network user to an internal server on a private network enters the CGN device, the CGN device identifies the destination outbound interface based on the mapping between public and private addresses, the CPE IP address, and the tunnel ID recorded in the server map table, and performs 4over6 encapsulation on the packet. A session table is created to record information such as the outbound interface, CPE IP address, and tunnel ID.
- The CGN sends the encapsulated IPv4 over IPv6 packet to the CPE over an IPv6 network.
- The CPE decapsulates the packet and sends it to the server on the private IPv4 network.
- The server on the private IPv4 network returns a packet to the CPE.
- Upon receiving the private IPv4 packet, the CPE encapsulates it into an IPv4 over IPv6 packet and sends it to the CGN over an IPv6 network.
- The CGN identifies the outbound interface of the route to the Internet based on the session table.
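The procedure above, modelled as an added example (not vendor code): a server map lookup, 4over6 encapsulation, and a session table keyed by CPE address, so that two CPEs using the same private address stay isolated. All addresses and interface names are constructed, representing the tunnel ID as a CGN tunnel address is an assumption, and the reverse translation of the reply's source address is assumed standard NAT server behaviour.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ServerMap:
    private: tuple   # (private IPv4, port) of the server behind the CPE
    cpe_ipv6: str    # tunnel destination; also isolates overlapping private networks
    tunnel_src: str  # CGN tunnel address selected by the tunnel ID (assumed representation)
    out_if: str      # hypothetical interface name

class Cgn:
    def __init__(self):
        self.server_map = {}  # (proto, public IPv4, port) -> ServerMap
        self.sessions = {}    # (CPE IPv6, proto, private, Internet peer) -> session record

    def add_nat_server(self, proto, public, entry):
        self.server_map[(proto, *public)] = entry

    def inbound(self, proto, peer, public):
        """IPv4 Internet -> private server: look up, record session, 4over6-encapsulate."""
        e = self.server_map.get((proto, *public))
        if e is None:
            return None  # no server map entry: nothing is sent into any tunnel
        self.sessions[(e.cpe_ipv6, proto, e.private, peer)] = {
            "public": public, "out_if": e.out_if, "tunnel_src": e.tunnel_src}
        return {"out_if": e.out_if, "outer_src": e.tunnel_src, "outer_dst": e.cpe_ipv6,
                "inner_src": peer, "inner_dst": e.private}

    def outbound(self, outer_src, proto, private, peer):
        """Reply decapsulated from a CPE tunnel: the session must match the sending CPE."""
        s = self.sessions.get((outer_src, proto, private, peer))
        if s is None:
            return None  # same private address behind another CPE does not match
        return {"src": s["public"], "dst": peer}  # assumed reverse translation

def demo():
    # Constructed values (documentation prefixes); both CPEs use the same private address.
    cgn = Cgn()
    srv = ("192.168.1.10", 80)
    cgn.add_nat_server("tcp", ("198.51.100.10", 8080),
                       ServerMap(srv, "2001:db8:a::1", "2001:db8:ffff::1", "if-a"))
    cgn.add_nat_server("tcp", ("198.51.100.10", 8081),
                       ServerMap(srv, "2001:db8:b::1", "2001:db8:ffff::1", "if-b"))
    peer = ("203.0.113.7", 40000)
    to_a = cgn.inbound("tcp", peer, ("198.51.100.10", 8080))
    reply_a = cgn.outbound("2001:db8:a::1", "tcp", srv, peer)
    reply_b = cgn.outbound("2001:db8:b::1", "tcp", srv, peer)  # no session for CPE b
    return to_a, reply_a, reply_b
```

Because the session key includes the CPE IPv6 address, a reply carrying the same private source address but arriving from a different tunnel endpoint finds no session and is not translated.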