Ivi prefix, Aft modes, N in – H3C Technologies H3C SecPath F1000-E User Manual
Page 74: Figure 57
62
Figure 57 DNS64 prefix is added to an IPv4 address to translate it into an IPv6 address
For an IPv4 packet sent from an IPv4 host to an IPv6 host, AFT translates its source IPv4 address to an IPv6
address by adding a DNS64 prefix.
When an IPv6 host sends a packet to an IPv4 host, the destination IPv6 address is formed by adding the
DNS64 prefix to the IPv4 address of the IPv4 host. When the AFT receives such a packet, it extracts the
IPv4 address from the IPv6 destination address so that the packet can be forwarded to the IPv4 host.
IVI prefix
An IVI prefix is a 32-bit IPv6 address prefix. An IVI address comprises an IVI prefix and an IPv4 address,
with bits 32 to 39 set to all 1s, as shown in
.
Figure 58 IVI address format
If the source IPv6 address of an IPv6 packet sent from an IPv6 host to an IPv4 host is in the IVI address
format, AFT translates the source IPv6 address to the IPv4 address contained in the source IPv6 address.
For an IPv4 packet sent from an IPv4 host to an IPv6 host, AFT translates its destination IPv4 address to
an IPv6 address by adding an IVI prefix to the IPv4 address.
NOTE:
An IVI address is an IPv6 address that is actually used by an IPv6 host; however, an IPv6 address with a
DNS64 prefix is merely a translated IPv6 version of an IPv4 address and is not used by any host.
AFT modes
AFT can be stateless or stateful:
•
Stateless AFT—Uses DNS64 or IVI prefixes for address translation. The mappings between IPv4
and IPv6 addresses are fixed because the IPv4 address is embedded in the IPv6 address.
•
Stateful AFT—Dynamically creates and maintains mappings between IPv4 addresses and IPv6
addresses. It translates the source IPv6 address of an IPv6 packet into an IPv4 address only when
the source IPv6 address is not an IVI address. Otherwise, stateless AFT is used. Stateful AFT can also
perform port address translation (PAT) to translate both addresses and TCP/UDP port numbers. This
method can translate multiple IPv6 addresses into one IPv4 address. It distinguishes the IPv6
addresses by port number.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS