Communication initiated by an ipv4 host – H3C Technologies H3C SecPath F1000-E User Manual

Page 76

NOTE:

To view the address mappings, use the display session table command. For more information about this
command, see

Access Control Configuration Guide.

Communication initiated by an IPv4 host

Figure 60 AFT process when communication is initiated by an IPv4 host

AFT operates in the following steps:

Determines whether address translation is needed. If the destination IPv4 address of the packet
matches the AFT policy for 4to6 destination address translation, address translation is needed.

Translates the source IP address. If the packet matches the AFT policy for 4to6 source address
translation, the AFT adds the DNS64 prefix referenced by the policy to the address to translate it

into an IPv6 address. If not, the AFT adds the first configured DNS64 prefix to the address to

translate it into an IPv6 address.

Translates the destination address. If the destination IPv4 address of the packet matches the AFT
policy for 4to6 destination address translation, the AFT adds the IVI prefix referenced by the 4to6
AFT policy to the IPv4 destination address to translate it into an IPv6 address.

Forwards the packet and records the mappings. The AFT performs protocol translation such as
changing the IPv4 header to the IPv6 header, forwards the packet, and records the IPv4-IPv6

mappings.

Translate and forwards the response packet. Upon receiving a response from the IPv6 host, the
AFT replaces the IPv6 addresses in the packet header with IPv4 addresses based on the recorded

address mappings and forwards the packet to the IPv4 host.

NOTE:

To view the address mappings, use the display session table command. For more information about this
command, see

Access Control Configuration Guide.

IPv6 host

IPv4 host

AFT

Dst : 2000:0: 101: 101::
Src : 3000:0:FF 02:202: 200::

IPv6 addr: 3000:0:FF02:202: 200::

Embedded IPv4 addr: 2.2.2.2

IPv 4 addr: 1.1.1.1

Translated IPv6 addr: 2000:0: 101: 101::

DNS64 prefix: 2000::/32

IVI prefix: 3000::/32

Dst :

1.1.1.1

Src :

2.2.2.2

Dst: 2.2.2.2

Src: 1.1.1.1 1

Dst : 3000:0: FF02: 202: 200::

Src : 2000:0: 101: 101::

Translates addresses based

on v4tov 6 AFT policy

Translates addresses based

on the recorded mappings

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS