Carrier Grade IPv6 without Service Modules

This module describes how to implement the Carrier Grade IPv6 (CGv6) without Services Modules.

MAP-E without service modules

Table 1. Feature History Table

Feature Name

Release Information

Feature Description

MAP-E support on 5th Generation ASR 9000 Series Line Cards

Release 7.4.1

MAP-E has been supported on Cisco ASR 9000 Series and Cisco ASR 9900 series 4th generation Ethernet line cards.

In this release, Map-E support is extended to the following Cisco ASR9000 Series and Cisco ASR 9900 Series 5th generation hardware:

  • A9K-20HG-FLEX-SE/TR

  • A9K-8HG-FLEX-SE/TR

  • A99-32X100GE-X-SE/TR

  • A99-10X400GE-X-SE/TR

  • A9K-4HG-FLEX-SE/TR

  • ASR-9903 fixed-port router and Port Expansion Cards (PECs)

  • ASR-9902 fixed-port router

This feature configures Mapping of Address and Portal-Encapsulation Mode (MAP-E) CGN solution without service cards (ISM or VSM). The CGN application directly interacts with the line cards to configure MAP-E.


Note


The MAP-E CGN solution without service cards (VSM/ISM) is supported on Cisco IOS XR and Cisco IOS XR 64 bit operating system.

Restrictions for Configuring MAP-E without Service Card on Cisco IOS XR 32-bit Operating System

  • MAP-E is supported on the 3rd and 4th generation of Cisco ASR 9000 Series Ethernet line cards.

  • MAP-E without service cards can be enabled only in a default VRF.

  • If MAP-E or MAP-T is enabled on an interface, other policy based routing (PBR) features such as CLI PBR, BGP Flow Spec, One Platform Kit (onePK), OpenFlow, ingress ACLs and BNG are not supported. This is because only one PBR policy is allowed on the interface per direction.

  • In a router, only one mode of either inline-service with service card or inline-service without service card is supported.

Restrictions for Configuring MAP-E without Service Card on Cisco IOS XR 64-bit Operating System

  • From Cisco IOS XR Release 7.0.1 onwards, Cisco ASR 9000 Series 4th Generation Ethernet line cards support MAP-E.

  • From Cisco IOS XR Release 7.4.1 onwards, Cisco ASR 9000 Series 5th Generation Ethernet line cards support MAP-E.

Types of exception packets handled only by Service Module:

  • IPv6 extension headers.

  • V4/V6 fragmented packets.

  • ICMP messages (excluding ICMP echo message and reply packets, which are processed by the inline interface for MAP-E)

  • TCP Maximum Segment Size and Path MTU checks.

  • Packets with Loose Source Route (LSR) and Strict Source Route (SSR) IPv4 options

Configuring MAP-E without service modules

This feature allows to configure Mapping of Address and Portal-Encapsulation Mode (MAP-E) CGN solution without service cards (ISM or VSM). The CGN application directly interacts with the line cards to configure MAP-E.

Configuring MAP-E instances without service modules

Perform these tasks to configure MAP-E without service modules.

SUMMARY STEPS

  1. configure
  2. service cgv6 instance-name
  3. service-inlineinterface-name
  4. service-type map-e instance-name
  5. end or commit

DETAILED STEPS

  Command or Action Purpose

Step 1

configure

Example:

RP/0/RSP0/CPU0:routerco# configure

Enters global configuration mode.

Step 2

service cgv6 instance-name

Example:

RP/0/RSP0/CPU0:router(config)# service
Cgv6 cgv6-1
RP/0/RSP0/CPU0:router(config-cgv6)#
 

Configures the instance for the CGv6 application and enters CGv6 configuration mode.

Note

 

The maximum number of CGv6 applications allowed for a MAP-E instance is 6.

Step 3

service-inlineinterface-name

Example:

RP/0/RSP0/CPU0:router(config-cgv6)#Service-inline interface TenGigE0/0/0/0

Configures the service-inline interface.

Step 4

service-type map-e instance-name

Example:

RP/0/RSP0/CPU0:router(config-cgv6) #service-type map-e map1
RP/0/RSP0/CPU0:router(config-cgV6-map_e)#

Configures the service type keyword definition for CGv6 MAP-E application.

Step 5

end or commit

Example:

RP/0/RSP0/CPU0:router(config-cgv6-map_e)# end
or
RP/0/RSP0/CPU0:router(config-cgv6-map_e)# Commit

Saves configuration changes.

  • When you issue the end command, the system prompts you to commit changes:

    Uncommitted changes found, commit them before exiting (yes/no/cancel)?
    [cancel]:
    • Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

    • Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

    • Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring cpe domain parameters without service modules

Perform this task to configure cpe domain interface for MAP-E without service modules.

SUMMARY STEPS

  1. configure
  2. service cgv6 instance-name
  3. service-inline interface-name
  4. service-type map-e instance-name
  5. cpe-domain ipv4 prefix ipv4 adress/prefix cpe-domain ipv6 prefix ipv6 adress/prefix
  6. end or commit

DETAILED STEPS

  Command or Action Purpose

Step 1

configure

Example:

RP/0/RSP0/CPU0:routerco# configure

Enters global configuration mode.

Step 2

service cgv6 instance-name

Example:

RP/0/RSP0/CPU0:router(config)# service
Cgv6 cgv6-1
RP/0/RSP0/CPU0:router(config-cgv6)#
 

Configures the instance for the CGv6 application and enters CGv6 configuration mode.

Step 3

service-inline interface-name

Example:

RP/0/RSP0/CPU0:router(config-cgv6)#Service-inline interface TenGigE0/0/0/0

Configures the service-inline interface.

Step 4

service-type map-e instance-name

Example:

RP/0/RSP0/CPU0:router(config-cgv6) #service-type map-e map1
RP/0/RSP0/CPU0:router(config-cgV6-map_e)#

Configures the service type keyword definition for CGv6 MAP-E application.

Step 5

cpe-domain ipv4 prefix ipv4 adress/prefix cpe-domain ipv6 prefix ipv6 adress/prefix

Example:

RP/0/RSP0/CPU0:router(config-cgv6-map_e)#cpe-domain ipv4 prefix 
120.2.1.0/24
RP/0/RSP0/CPU0:router(config-cgv6-map_e)#cpe-domain ipv6 prefix 9020:da8:2::/48

Configures the IPv4 or IPv6 prefixes of the CPE domain parameter without service modules.

Step 6

end or commit

Example:

RP/0/RSP0/CPU0:router(config-cgv6-map_e)# end
or
RP/0/RSP0/CPU0:router(config-cgv6-map_e)# Commit

Saves configuration changes.

  • When you issue the end command, the system prompts you to commit changes:

    Uncommitted changes found, commit them before exiting (yes/no/cancel)?
    [cancel]:
    • Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

    • Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

    • Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring port sharing ratio and contiguous port without service modules

Perform this task to configure port sharing ratio and contiguous port.

SUMMARY STEPS

  1. configure
  2. service cgv6 instance-name
  3. service-inline interface-name
  4. service-type map-e instance-name
  5. cpe-domain ipv4 prefix ipv4 adress/prefix cpe-domain ipv6 prefix ipv6 adress/prefix
  6. sharing-ration 256
  7. contiguous-port 16
  8. end or commit

DETAILED STEPS

  Command or Action Purpose

Step 1

configure

Example:

RP/0/RSP0/CPU0:routerco# configure

Enters global configuration mode.

Step 2

service cgv6 instance-name

Example:

RP/0/RSP0/CPU0:router(config)# service
Cgv6 cgv6-1
RP/0/RSP0/CPU0:router(config-cgv6)#
 

Configures the instance for the CGv6 application and enters CGv6 configuration mode.

Step 3

service-inline interface-name

Example:

RP/0/RSP0/CPU0:router(config-cgv6)#Service-inline interface TenGigE0/0/0/0

Configures the service-inline interface.

Step 4

service-type map-e instance-name

Example:

RP/0/RSP0/CPU0:router(config-cgv6) #service-type map-e map1
RP/0/RSP0/CPU0:router(config-cgV6-map_e)#

Configures the service type keyword definition for CGv6 MAP-E application.

Step 5

cpe-domain ipv4 prefix ipv4 adress/prefix cpe-domain ipv6 prefix ipv6 adress/prefix

Example:

RP/0/RSP0/CPU0:router(config-cgv6-map_e)#cpe-domain ipv4 prefix 
120.2.1.0/24
RP/0/RSP0/CPU0:router(config-cgv6-map_e)#cpe-domain ipv6 prefix 9020:da8:2::/48

Configures the IPv4 or IPv6 prefixes of the CPE domain parameter without service modules.

Step 6

sharing-ration 256

Example:

RP/0/RSP0/CPU0:router(config-cgv6-map_e)#sharing-ratio 256

Configures the port sharing ratio. The value for the port sharing ratio is 256.

Step 7

contiguous-port 16

Example:

RP/0/RSP0/CPU0:router(config-cgv6-map_e)#contiguous-ports 16

Configures the contiguous port. The value for the contiguous port is 16.

Step 8

end or commit

Example:

RP/0/RSP0/CPU0:router(config-cgv6-map_e)# end
or
RP/0/RSP0/CPU0:router(config-cgv6-map_e)# Commit

Saves configuration changes.

  • When you issue the end command, the system prompts you to commit changes:

    Uncommitted changes found, commit them before exiting (yes/no/cancel)?
    [cancel]:
    • Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

    • Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

    • Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring BR Endpoint Address without modules

Perform this task to configure the BR Endpoint Address without service modules.

SUMMARY STEPS

  1. configure
  2. service cgv6 instance-name
  3. service-inline interface-name
  4. service-type map-e instance-name
  5. cpe-domain ipv4 prefix ipv4 adress/prefix cpe-domain ipv6 prefix ipv6 adress/prefix
  6. sharing-ration 256
  7. contiguous-port 16
  8. br-endpoint-adress
  9. endor commit

DETAILED STEPS

  Command or Action Purpose

Step 1

configure

Example:

RP/0/RSP0/CPU0:routerco# configure

Enters global configuration mode.

Step 2

service cgv6 instance-name

Example:

RP/0/RSP0/CPU0:router(config)# service
Cgv6 cgv6-1
RP/0/RSP0/CPU0:router(config-cgv6)#
 

Configures the instance for the CGv6 application and enters CGv6 configuration mode.

Step 3

service-inline interface-name

Example:

RP/0/RSP0/CPU0:router(config-cgv6)#Service-inline interface TenGigE0/0/0/0

Configures the service-inline interface.

Step 4

service-type map-e instance-name

Example:

RP/0/RSP0/CPU0:router(config-cgv6) #service-type map-e map1
RP/0/RSP0/CPU0:router(config-cgV6-map_e)#

Configures the service type keyword definition for CGv6 MAP-E application.

Step 5

cpe-domain ipv4 prefix ipv4 adress/prefix cpe-domain ipv6 prefix ipv6 adress/prefix

Example:

RP/0/RSP0/CPU0:router(config-cgv6-map_e)#cpe-domain ipv4 prefix 
120.2.1.0/24
RP/0/RSP0/CPU0:router(config-cgv6-map_e)#cpe-domain ipv6 prefix 9020:da8:2::/48

Configures the IPv4 or IPv6 prefixes of the CPE domain parameter without service modules.

Step 6

sharing-ration 256

Example:

RP/0/RSP0/CPU0:router(config-cgv6-map_e)#sharing-ratio 256

Configures the port sharing ratio. The value for the port sharing ratio is 256.

Step 7

contiguous-port 16

Example:

RP/0/RSP0/CPU0:router(config-cgv6-map_e)#contiguous-ports 16

Configures the contiguous port. The value for the contiguous port is 16.

Step 8

br-endpoint-adress

Example:

RP/0/RSP0/CPU0:router(config-cgv6-map_e)#br-endpoint-address 9020:da8:2:ffff::1

Configures the br-endpoint-address.

Step 9

endor commit

Example:

RP/0/RSP0/CPU0:router(config-cgv6-map_e)# end
or
RP/0/RSP0/CPU0:router(config-cgv6-map_e)# Commit

Saves configuration changes.

  • When you issue the end command, the system prompts you to commit changes:

    Uncommitted changes found, commit them before exiting (yes/no/cancel)?
    [cancel]:
    • Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

    • Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

    • Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

MAP-T without Service Cards

The objective of this feature is to ensure that the Mapping of Address and Port-Translation Mode (MAP-T) CGN solution can be implemented without service cards (VSM/ISM). With this feature, the CGN application directly interacts with the line cards to configure the MAP-T parameters and eliminates the dependency on the service cards.


Note


The MAP-T CGN solution without service cards (VSM/ISM) is supported on Cisco IOS XR and Cisco IOS XR 64 bit operating system.


Restrictions for Configuring MAP-T without Service Card on Cisco IOS XR 32-bit Operating System

  • MAP-T is supported on Cisco ASR 9000 Series and Cisco ASR 9900 Series 3rd, 4th, and 5th generation Ethernet line cards.

  • If this feature is enabled on an interface, other PBR (policy based routing) features such as CLI PBR, BGP Flow Spec, One Platform Kit (onePK) or OpenFlow may not be functional; this is because only one PBR policy will be allowed on the interface.

  • In a router, only one mode of either inline-service with service card or inline-service without service card will be supported.

  • At a router level, the max scale limit for CPE domain parameters is 25 and for external domain parameters is 8k. If a single MAP-T instance has utilized 25 of CPE domain and 8k of external domain parameters; it is not possible to configure additional CPE and external domain parameters in the same router.

Restrictions for Configuring MAP-T without Service Card on Cisco IOS XR 64-bit Operating System

  • From Cisco IOS XR Release 7.0.1 onwards, Cisco ASR 9000 Series 4th Generation Ethernet line cards support MAP-T.

  • From Cisco IOS XR Release 7.1.2 onwards, Cisco ASR 9000 Series 5th Generation Ethernet line cards support MAP-T.

  • MAP-T can be enabled in normal unicast routing scenario with default VRF. With non-default VRF, MAP-T works only in L3VPN and 6VPE cloud.

  • For the IPv6 prefix length greater than 48 and less than 64 the sharing-ratio and contiguous-ports configurations are not considered during the translation.

  • The Exception and Fragmented packets are not supported with inline MAP-T.

  • In a single MAP-T instance only 255 CPE-domains are supported.


Note


When you configure the MAP-T on Cisco ASR 9000 fourth generation line cards, verify the value in the num free field of the TCAM table.

To verify the num free field values, use the show controller controllers rm tcam summary 640-ING all np all location <node-id> command.

The number of MAP-T external domains that you can configure is based on the num free field values. When you configure a number of MAP-T external domains that exceed the num free field value, it results in a complete loss of traffic.


This table shows the supported values for configuring MAP-T feature:

Table 2. Maximum Supported Values for Configuring MAP-T without Service Card on Cisco IOS XR 64-bit

Parameters

Maximum Supported Values

CGv6 Services

6

MAP-T Instances

255

CPE-domain

1023

External-domains

8191

Configuring MAP-T without Service Cards

To configure a MAP-T without service cards, perform the steps below.

SUMMARY STEPS

  1. configure
  2. service cgv6 instance-name
  3. service-inline interface type interface-path-id
  4. service-type map-t-ciscoinstance-name
  5. cpe-domain ipv4 prefix length value
  6. cpe-domain ipv6 vrf vrf-name
  7. cpe-domain ipv6 prefix length value
  8. sharing rationumber
  9. contiguous-portsnumber
  10. cpe-domain-name cpe-domain-name ipv4 prefix address/prefix ipv6 prefix address/prefix
  11. ext-domain-name ext-domain-name ipv6 prefix address/prefix ipv4-vrf vrf-name
  12. Use the commit or end command.
  13. show policy-map transient type pbr
  14. show pbr service-node table summary

DETAILED STEPS

  Command or Action Purpose

Step 1

configure

Example:

RP/0/RP0/CPU0:router# configure 

Enters global configuration mode.

Step 2

service cgv6 instance-name

Example:

RP/0/RP0/CPU0:router(config)# service cgv6 cgv6-1
RP/0/RP0/CPU0:router(config-cgv6)# 

Configures the instance for the CGv6 application and enters CGv6 configuration mode.

Note

 

The maximum number of CGv6 applications allowed for a MAP-T instance is 6.

Step 3

service-inline interface type interface-path-id

Example:

RP/0/RP0/CPU0:router(config-cgv6)# service-inline interface TenGigE0/0/0/0/0
RP/0/RP0/CPU0:router(config-cgv6)# 

Specifies an Ethernet interface on which the CGv6 service must be enabled.

Step 4

service-type map-t-ciscoinstance-name

Example:

RP/0/RP0/CPU0:router(config-cgv6)# service-type map-t-cisco map1

Configures the service type keyword definition for CGv6 MAP-T application.

application.

Step 5

cpe-domain ipv4 prefix length value

Example:

RP/0/RP0/CPU0:router(config-cgn-map-t-cisco)# cpe-domain ipv4 prefix length 24
Configures the IPv4 prefix of the CPE domain

Step 6

cpe-domain ipv6 vrf vrf-name

Example:

RP/0/RP0/CPU0:router(config-cgn-map-t-cisco)# cpe-domain ipv6 vrf mapt-v6

Enables Virtual Routing and Forwarding (VRF) for the MAP-T configuration.

Step 7

cpe-domain ipv6 prefix length value

Example:

RP/0/RP0/CPU0:router(config-cgn-map-t-cisco)#cpe-domain ipv6 prefix length 48

Assigns a value for the ipv6-prefix length to be used as part of the MAP-T instance.

Step 8

sharing rationumber

Example:

RP/0/RP0/CPU0:router(config-cgn-map-t-cisco)#sharing-ratio 256

Enters global configuration mode.

Step 9

contiguous-portsnumber

Example:

RP/0/RP0/CPU0:router(config-cgn-map-t-cisco)#contiguous-ports 8 

Specifies the Port Set ID (PSID) configuration.

Step 10

cpe-domain-name cpe-domain-name ipv4 prefix address/prefix ipv6 prefix address/prefix

Example:

RP/0/RP0/CPU0:router(config-cgn-map-t-cisco)#cpe-domain-name cpe1 ipv4-prefix 10.0.0.1 ipv6-prefix 1000:1000::1

Configures IPv4 and IPv6 prefix for a specific CPE domain.

Step 11

ext-domain-name ext-domain-name ipv6 prefix address/prefix ipv4-vrf vrf-name

Example:

RP/0/RP0/CPU0:router(config-cgn-map-t-cisco)#ext-domain-name ext1 ipv6-prefix 2000:2000::1/48 ipv4-vrf mapt

Configures IPv6 prefix and IPv4 VRF for the external domain.

Step 12

Use the commit or end command.

commit —Saves the configuration changes and remains within the configuration session.

end —Prompts user to take one of these actions:
  • Yes — Saves configuration changes and exits the configuration session.

  • No —Exits the configuration session without committing the configuration changes.

  • Cancel —Remains in the configuration session, without committing the configuration changes.

Step 13

show policy-map transient type pbr

Example:

RP/0/RP0/CPU0:router#show policy-map transient type pbr

Displays the transient list type pbr of the policy-map.

Step 14

show pbr service-node table summary

Example:

RP/0/RP0/CPU0:router#show pbr service-node table summary 

Displays the output for the class-maps.

Configuration Example

The following example shows the configuration of MAP-T without service cards:
RP/0/RP0/CPU0:router#show running-config service cgv6 cgv6-1
service cgv6 cgv6-1
service-inline interface Bundle-Ether2
service-type map-t-cisco mapt1
  cpe-domain ipv4 prefix length 24
  cpe-domain ipv6 vrf SVRF-003
  sharing-ratio 256
  contiguous-ports 8
  cpe-domain-name cpe1 ipv4-prefix 192.1.1.0 ipv6-prefix 2301:d01:1122::
  ext-domain-name ext1 ipv6-prefix 3301:d01:1122::/48 ipv4-vrf VRF-1
!
!

The following example shows the running configuration of MAP-T without service cards:

The following example shows the verification output:
RP/0/RP0/CPU0:router#show policy-map transient type pbr
policy-map type pbr CGN_0
handle:0x38000002
table description: L3 IPv4 and IPv6
class handle:0x78000003  sequence 1
   match destination-address ipv4 192.1.1.0 255.255.255.0--->should match the cpe domain IPV4 address and mask
  punt service-node index 1001 app-id 0 local-id 0xfa1
! 
 class handle:0x78000004  sequence 1
   match destination-address ipv6 3301:d01:1122::/48--->should match the ext domain IPV6 address and mask
  punt service-node index 2001 app-id 0 local-id 0x1771
! 
 class handle:0xf8000002  sequence 4294967295 (class-default)
! 
 end-policy-map
The following example shows the output for the class-maps:
RP/0/RP0/CPU0:router#show pbr service-node table summary 

Service node count: 4
nodeid node0_RSP1_CPU0
_____________________________________
 Name         VIdx         Enc
_____________________________________
 CGN_1001           1001   cgn
 CGN_3001           3001   cgn
 CGN_5001           5001   cgn
 CGN_7001           7001   cgn

MAP-T Enhancements

Table 3. Feature History Table

Feature Name

Release Information

Feature Description

MAP-T Enhancements

Release 7.11.1

Using Mapping of Address and Port Translation (MAP-T), you can now configure the IPv6 CPE domain prefix length as a non-multiple of eight, which enhances the prefix pool to accommodate a flexible size of the network portion of the IPv6 address. MAP-T also supports non-TCP/UDP/ICMP packets, ICMP error messages, and fragmented packets, which ensure reliable IPv6 connectivity over an IPv4 infrastructure and the other way around. These enhancements are available only on Cisco ASR 9000 Series Fifth Generation high-density Ethernet line cards.

The feature introduces these changes:

CLI: New

YANG Data Model: Cisco-IOS-XR-se-cgn-cfg

(see GitHub, YANG Data Models Navigator)

From Release 7.11.1, the Mapping of Address and Port Translation (MAP-T) on Cisco ASR 9000 Series Fifth Generation high-density ethernet line cards supports:

  • Configuring the IPv6 CPE domain prefix length as a nonmultiple of eight

  • MAP-T of non-TCP/UDP/ICMP packets

  • MAP-T of ICMP error messages

L4 Packets (Non-TCP/UDP/ICMP) and ICMP Error Messages Handling

Figure 1. MAP-T L4 packets (Non-TCP/UDP/ICMP) and ICMP Error Messages Handling Topology
  1. On a dedicated interface HundredGigE0/0/0/1, when a Cisco ASR 9000 Series Router which acts as Border-Relay (BR) receives the IPv6 packets (Listed in the Table: MAP-T Supported Packets Types) from R1 router over an IPv6 network, BR performs MAP-T of the packet from IPv6 to IPv4 and forwards to R2 router on HundredGigE0/3/0/1 interface over an IPv4 network.

  2. When BR receives the IPv4 packets (Listed in the Table: MAP-T Supported Packets Types) from R2 router on a dedicated interface HundredGigE0/3/0/1 over an IPv4 network, it performs MAP-T of the packet from IPv4 to IPv6 and forwards to R1 router on HundredGigE0/0/0/1 over an IPv6 network.

Table 4. MAP-T Supported Packets Types

Packet Type

Description

Layer-4 packets

Layer-4 packets such as GRE, ESP, AH, IP-in-IP, L2TP, SCTP

ICMP Type 11

Time exceeded Message

ICMP Type 3 Code 0—4 messages

ICMP Type 3 (destination Unreachable) message supports the following codes:

  • Code—0: Net unreachable

  • Code—1: Net unreachable

  • Code—2: Protocol Unreachable

  • Code—3: Port Unreachable

  • Code—4: Fragmentation needed and DF set

    Note

     

    An ICMPv4 type 3 code 4 message is generated by Cisco ASR 9000 Series Router acting as BR, when:

    • The incoming packet size is larger than the configured IPv6 service MTU value.

    • DF bit is set to 1.

Fragmentation Handling

Prerequisite:

Ensure that you have any router from the Cisco Catalyst 8000 edge platforms family to handle the translation of fragmented packets whose length is greater than the configured service MTU.

Figure 2. MAP-T Fragmented Traffic Handling Topology

On a dedicated ingress inline interface, when a Cisco ASR 9000 Series Router receives a packet from R2 router on the HundredGigE0/3/0/1 interface, whose length is larger than the configured service IPv6 MTU size, it requires fragmentation. The received packet is sent to the Cisco Catalyst edge router to handle the translation of the fragmented packet on the HundredGigE0/3/0/5 interface. If the incoming packet from router R2 itself is fragmented packet, the fragmented packet is sent to the Cisco Catalyst 8000 edge router to handle its MAP-T. After the fragmentation is handled at the Cisco Catalyst edge router, the fragmented packet is sent back from the Cisco Catalyst edge router to the Cisco ASR 9000 Series Router on the HundredGigE0/3/0/5 interface and the checksum is calculated for the fragmented packet. The Cisco ASR 9000 Series Router forwards these packets to R1 router on the HundredGigE0/1/0/0 interface over an IPv6 network.


Note


The Cisco Catalyst edge router can be replaced with any other router which can handle MAP-T of fragmented packets and is in compliant with MAP-T standards.

For details on Cisco Catalyst 8000 edge router configuration for fragmented packets, see Cisco Catalyst 8000 Edge Platform Router Configuration


From Release 7.11.1, the following ICMP error messages types are translated.

Table 5. Translating ICMP IPv4 Headers to ICMP IPv6 Headers

Error Type

ICMP IPv4 Header

Translated ICMP IPv6 Header Description

Time exceeded (Type 11)

Time exceeded (Type 11)

Type 3

Time Exceeded

Destination Unreachable (Type 3)

Network Unreachable (code 0)

Type 1 code 0

Communication with destination administratively prohibited

Host Unreachable (code 1)

Type 1 code 0

No route to destination

Protocol Unreachable (code 2)

Type 4 code 1

Unrecognized Next Header type encountered

Port Unreachable (code 3)

Type 1 code 4

Port unreachable

Fragmentation Needed and DF was set (code 4)

Type 2 code 0

This message is translated to ICMPv6 Packet Too Big message (Type 2) with code set to zero.

When the configured CGN service MTU values are:

  • Zero—MTU value is set to the default value which is 1280 bytes.

  • Greater than zero—MTU value is set to 1280+20 bytes.

  • Not configured for path MTU discovery (PMTUD) noncompliance system—Packet is dropped.

Table 6. Translating ICMP IPv6 Headers to ICMP IPv4 Headers

Error Type

ICMP IPv6 Header

Translated ICMP IPv4 Header Description

Time Exceeded (type 3)

Hop limit exceeded in transmit (code 0)

Type 11 code 0

Time to Live exceeded in Transit

Destination Unreachable (Type 1)

No route to destination (code 0)

Type 3 Code 1

No route to destination

Communication with destination prohibited (code 1)

Type 1 code 10

Communication with destination prohibited

Beyond scope of source address (code 2)

Type 1 Code 1

Beyond scope of source address

Address unreachable (code 3)

Type 1 Code 1

Address unreachable

Port unreachable (code 4)

Type 1 code 3

Port unreachable

Packet Too Big (Type 2)

Type 3 code 4

Fragmentation Needed and Don't Fragment bit is set.

When the configured CGN service MTU values are:

  • Zero—MTU value defined in the Packet Too Big Message is considered.

  • Other than zero—MTU value is set as the MTU value in the Packet Too Big Message-20 bytes.

  • Not configured for path MTU discovery (PMTUD) noncompliance system—Packet is dropped.

Limitations and Scale Statistics

Limitations
  • MAP-T logging isn’t supported for fragmented packets. You can view the fragmented packet count using the show cgv6 map-t-cisco map-t-namestatistics command.

  • Ensure that the nexthop is reachable from the Cisco ASR 9000 Series Router through the LSP where MAP-T is configured.

    When there’s no route or adjacency to redirect nexthop or the link to the second device (Catalyst 8000 Edge Platforms) is down, all packets are forwarded to the existing IPv4 or IPv6 exception path and dropped in LSP NPU. The dropped packets aren’t visible in the drop counters of the show cgv6 map-t-cisco map-t-name statistics command, but they appear under a set to redirect counters of the same command.

  • Any modification to the existing MAP-T instance configuration clears all the statistics of that instance.

  • MAP-T supports configuring the IPv6 CPE domain prefix length as a nonmultiple of eight on Cisco ASR 9000 Series Fifth Generation High-Density Ethernet line cards. For other generation line cards, the router accepts the configuration but logs an error message in syslog as
    Router# non-byte order CPE Domain Prefix len:41 is not supported on this Linecard.
Scale Statistics

ASR 9000 Series Router support:

  • 255 MAP-T instances per system

  • 255 CPE domains per MAP-T instance

  • 1023 CPE domains per system

  • 8191 external-domains per system

  • 6 CGv6 services per system

Configuring MAP-T Enhancements

Configuring MAP-T enhancement on Cisco ASR 9000 Series Fifth Generation High-Density Ethernet Line Cards includes:

MAP-T Configuration on Cisco ASR 9000 Series Router
Configuration Example
Router# configure 
Router(config)# service cgv6 cgn6 
Router(confi-cgv6)# service-inline interface Bundle-Ether1 
Router(confi-cgv6)# service-type map-t-cisco maptff
/*maptff — MAP-T instance name*/
Route(confi-cgv6-mapt-cisco)# cpe-domain ipv4 prefix length 30
Router(confi-cgv6-mapt-cisco)# cpe-domain ipv6 vrf default
Router(confi-cgv6-mapt-cisco)# cpe-domain ipv6 prefix length 56
Router(confi-cgv6-mapt-cisco)# sharing-ratio 64
Router(confi-cgv6-mapt-cisco)# contiguous-ports 16
Router(confi-cgv6-mapt-cisco)# cpe-domain-name cpe5 ipv4-prefix 192.0.2.1 ipv6-prefix 2001:db8:0002:100::/48
Router(confi-cgv6-mapt-cisco)# ext-domain-name ext5 ipv6-prefix 2001:DB8::/48 ipv4-vrf default
/* Use the following configuration to configure MTU and for traffic redirection/*
Router(confi-cgv6-mapt-cisco)# service-ipv4-mtu 1300
Router(confi-cgv6-mapt-cisco)# service-ipv6-mtu 1294
Router(confi-cgv6-mapt-cisco)# service-ipv4-nexthop addr 8.8.8.2 vrf default
Router(confi-cgv6-mapt-cisco)# service-ipv6-nexthop addr 8:8:8::2 vrf default
Router(confi-cgv6-mapt-cisco)# commit
Router(confi-cgv6-mapt-cisco)# end
Running Configuration
service cgv6 cgn6
 service-inline interface Bundle-Ether1
 service-type map-t-cisco maptff
  cpe-domain ipv4 prefix length 30
  cpe-domain ipv6 vrf default
  cpe-domain ipv6 prefix length 56
  sharing-ratio 64
  contiguous-ports 16
  service-ipv4-mtu 1300
  service-ipv6-mtu 1294
  service-ipv4-nexthop addr 8.8.8.2 vrf default 
  service-ipv6-nexthop addr 8:8:8::2 vrf default 
  cpe-domain-name cpe5 ipv4-prefix 192.0.2.1 ipv6-prefix 2001:db8:0002:100::/48
  ext-domain-name ext5 ipv6-prefix 2001:DB8::/48 ipv4-vrf default
 !
!

Note


VRF configuration is optional. When no VRF is configured, the default VRF is considered for redirecting the packets using service IPv4 or IPv6 nexthop address.


Statistics of MAP-T Functionality

Use the sh int bundle-ether 1 command to check the bundle ether interface configuration.

Router# sh int bundle-ether 1
Bundle-Ether1 is down, line protocol is down 
  Interface state transitions: 0
  Hardware is Aggregated Ethernet interface(s), address is 0024.f71f.790d
  Internet address is Unknown
  MTU 1514 bytes, BW 0 Kbit
     reliability 255/255, txload Unknown, rxload Unknown
  Encapsulation ARPA,
  Full-duplex, 0Kb/s
  loopback not set,
    No. of members in this bundle: 2
      HundredGigE0/0/0/12          Full-duplex  100000Mb/s   Configured      
      HundredGigE0/0/0/13          Full-duplex  100000Mb/s   Configured      
  Last input never, output never
  Last clearing of "show interface" counters never
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 total input drops
     0 drops for unrecognized upper-level protocol
     Received 0 broadcast packets, 0 multicast packets
              0 runts, 0 giants, 0 throttles, 0 parity
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 total output drops
     Output 0 broadcast packets, 0 multicast packets
Router# sh contr np ports  all location 0/0/CPU0 

                Node: 0/0/CPU0:
----------------------------------------------------------------

NP Bridge Fia                       Ports                      
-- ------ --- --------------------------------------------------- 
0  --     0   TenGigE0/0/0/0/0 - TenGigE0/0/0/0/3, HundredGigE0/0/0/1 - HundredGigE0/0/0/3 
1  --     1   HundredGigE0/0/0/4 - HundredGigE0/0/0/7 
2  --     2   HundredGigE0/0/0/8 - HundredGigE0/0/0/11 
3   --     3   HundredGigE0/0/0/12 - HundredGigE0/0/0/14, TenGigE0/0/0/15/0 - TenGigE0/0/0/15/3

NP number 3 is for both the bundle members. Use the sh contr np counters np3 location 0/0/CPU0 command to see NP3 MAP-T counters.

Router# sh contr np counters np3 location 0/0/CPU0 

                Node: 0/0/CPU0:
----------------------------------------------------------------

Show global stats counters for NP3, revision v0

Last clearing of counters for this NP: NEVER 

Read 0 non-zero NP counters:
Offset  Counter                                               FrameValue   Rate (pps)
-------------------------------------------------------------------------------------
 117  Drop packets captured                                         7255           0
 227  L2 aging scan not enabled                                     3556           0
 289  MAP-T Service Cfg Common Lkp No Match                           19           0
 290  MAP-T Service Cfg Meta Lkp No Match                             41           0
 291  MAP-T Service Ext Common Lkp No Match                            1           0
 292  MAP-T Service Ext Meta Lkp No Match                             26           0
 293  MAP-T Service Processing Entry                          3578614234        1011
 294  MAP-T frag pkt set to redirect for transl                 16163049        1011
 295  MAP-T v4 pkt set to redirect for transl                     118331        1011
 296  MAP-T v4 pkt set to redirect for v6 frag needed             101174           0
 298  MAP-T v4 to v6 translated                                    65233           0
 299  MAP-T v6 pkt set to redirect for transl                   25223172           0
 300  MAP-T v6 pkt set to redirect for v4 frag needed            9077280           0
 301  MAP-T v6 to v4 translated                               3549122635           0
 308  MAPT - TBPG Event                                          1060386         171
 367  TBPG L2 mailbox events                                      933891         150
 368  TBPG MAC scan events                                         15568           3
 369  TBPG stat events                                          59769049        9626
 433  Egress UIDB in down state                                        3           0
 650  MAP-T v4 to v6 drops                                            87           0
 651  MAP-T v6 to v4 drops                                       4084776           0
 784  Inject to port                                                 282           0
1430  IPv6 disabled in UIDB                                       353218           0
1503  ARP                                                              1           0
1524  Diags                                                           96           0
1611  IFIB                                                             5           0
1695  Diags RSP active                                                99           0
1755  IPv4 adjacency null route                                       36           0
2001  IPv4 incomplete Tx adjacency                                   220           0
2002  Punt policer: IPv4 incomplete Tx adjacency                   15549           0
2016  IPv6 incomplete Tx adjacency                                   216           0
2017  Punt policer: IPv6 incomplete Tx adjacency                    2161           0
  HW  Received from Line                                      3578967506        1011
  HW  Transmit to Fabric                                      3574529482        1011
  HW  Received from Fabric                                    3574294217           0
  HW  Transmit to Line                                        3574276238           0
  HW  Host Inject Received                                           365           0
  HW  Host Punt Transmit                                             574           0
  HW  Local Loopback Received at iGTR                                407           0
  HW  Local Loopback Transmit by iGTR                                407           0
  HW  Local Loopback Received at Egress                              407           0
  HW  Transmit to TM from eGTR                                3574276911           0
  HW  Transmit to L2                                          3574276812           0
  HW  Received from Service Loopback                                  99           0
  HW  Transmit to Service Loopback                                    99           0
  HW  Internal generated by PDMA                               145853497       23477

Note


  • Use the sh contr np ports all location <loc> command to view the network processor's global MAP-T packet count.

  • Use the clear cgv6 map-t-cisco mapt statistics command to clear the MAP-T statistics.


MAP-T Instance Counters

Use the sh cgv6 map-t-cisco map-t instance name mapt statistics command to view the counters specific to a MAP-T instance. MAP-T instance is configured using a service-type map-t-cisco command. MAP-T instance-specific counters along with their description can be found in the MAP-T Instance Counters and Description table.

Router# sh cgv6 map-t-cisco mapt statistics
Map-t-cisco IPv6 to IPv4 counters:
...
...
Translated other L4 protocol Count: 0

Udp Fragmentation Needed Packet set to Redirect Count: 0 

Udp Fragmentation Needed Packet Drop before Redirection Count : 0

Udp Fragmented Packet set to Redirect Count: 0
          
Udp Fragmented Packet Drop before Redirection Count: 0

Tcp Fragmentation Needed Packet set to Redirect Count: 0

Tcp Fragmentation Needed Packet Drop before Redirection Count : 0

Tcp Fragmented Packet set to Redirect Count: 0

Tcp Fragmented Packet Drop before Redirection Count: 0

Icmp Fragmentation Needed Packet set to Redirect Count: 0
Icmp Fragmentation Needed Packet set to Redirect Count: 0

Icmp Fragmented Packet set to Redirect Count: 0

Icmp Fragmented Packet Drop before Redirection Count : 0

Other Fragmentation Needed Packet set to Redirect Count: 0

Other Fragmentation Needed Packet Drop before Redirection Count : 0

Other Fragmented Packet set to Redirect Count: 0

Other Fragmented Packet Drop before Redirection Count : 0
...
...
Map-t-cisco IPv4 to IPv6 counters:
...
...
Translated other L4 protocol Count: 0

Udp Fragmentation Needed Packet set to Redirect Count: 0 

Udp Fragmentation Needed Packet Drop before Redirection Count : 0

Udp Fragmented Packet set to Redirect Count: 0
          
Udp Fragmented Packet Drop before Redirection Count: 0
Tcp Fragmentation Needed Packet set to Redirect Count: 0

Tcp Fragmentation Needed Packet Drop before Redirection Count : 0

Tcp Fragmented Packet set to Redirect Count: 0

Tcp Fragmented Packet Drop before Redirection Count: 0

Icmp Fragmentation Needed Packet set to Redirect Count: 0

Icmp Fragmentation Needed Packet set to Redirect Count: 0

Icmp Fragmented Packet set to Redirect Count: 0

Icmp Fragmented Packet Drop before Redirection Count : 0

Other Fragmentation Needed Packet set to Redirect Count: 0

Other Fragmentation Needed Packet Drop before Redirection Count : 0

Other Fragmented Packet set to Redirect Count: 0

Other Fragmented Packet Drop before Redirection Count : 0

The following table lists the MAP-T instance counters on Cisco ASR 9000 Series Fifth Generation High-Density Ethernet line cards and their description.

Table 7. MAP-T Instance Counters and Description

Counter

Description

Translated other L4 protocol Count

Nonstandard L4 protocol packet (Non-TCP/UDP/ICMP packets) that are translated by NPU.

Udp Fragmentation Needed Packet set to Redirect Count

UDP packets having packet size larger than the configured service MTU value, which is set to redirect to the second device.

Udp Fragmentation Needed Packet Drop before Redirection Count

UDP packets having packet size larger than the configured service MTU value, which need to be redirected to the second device, but are dropped due to Port Set Identifier (PSID) check.

Udp Fragmented Packet set to Redirect Count

UDP fragmented packets, which are set to redirect to the second device.

Udp Fragmented Packet Drop before Redirection Count

UDP fragmented packets, which need to be redirected to the second device, but are dropped due to PSID check.

Tcp Fragmentation Needed Packet set to Redirect Count

TCP packets having packet size larger than the configured service MTU value, which is set to redirect to the second device.

Tcp Fragmentation Needed Packet Drop before Redirection Count

TCP packets having packet size larger than the configured service MTU value, which needs to be redirected to the second device, but are dropped due to PSID check.

Tcp Fragmented Packet set to Redirect Count

TCP fragmented packets, which are set to redirect to the second device.

Tcp Fragmented Packet Drop before Redirection Count

TCP fragmented packets, which need to be redirected to the second device, but are dropped due to PSID check.

Icmp Fragmentation Needed Packet set to Redirect Count

ICMP packets having packet size larger than the configured service MTU value, which is set to redirect to the second device.

Icmp Fragmentation Needed Packet Drop before Redirection Count

ICMP packets having packet size larger than the configured service MTU value, which needs to be redirected to the second device, but are dropped due to PSID check.

Icmp Fragmented Packet set to Redirect Count

ICMP fragmented packets, which are set to redirect to the second device.

Icmp Fragmented Packet Drop before Redirection Count

ICMP fragmented packets, which need to be redirected to the second device, but are dropped due to PSID check.

Other Fragmentation Needed Packet set to Redirect Count

Nonstandard L4 protocol packet (Non-TCP/UDP/ICMP packets) having packet size larger than the configured service mtu value, which is set to redirect to the second device.

Other Fragmentation Needed Packet Drop before Redirection Count

Nonstandard L4 protocol packet (Non-TCP/UDP/ICMP packets) having packet size larger than the configured service mtu value, which needs to be redirected to the second device, but are dropped due to PSID check.

Other Fragmented Packet set to Redirect Count

Nonstandard L4 protocol packet (Non-TCP/UDP/ICMP packets) fragmented packets, which are set to redirect to the second device.

Other Fragmented Packet Drop before Redirection Count

Nonstandard L4 protocol packet (Non-TCP/UDP/ICMP packets) fragmented packets, which need to be redirected to the second device, but are dropped due to PSID check.

Cisco Catalyst 8000 Edge Platform Router Configuration

Use the following configuration in a redirection router (Cisco Catalyst 8000 Edge Platforms) to handle fragment traffic.

Configuration Example
Router# nat64 map-t domain 3
/*Domain range is from 1-10000*/
Router(config-nat64-mapt)# default-mapping-rule Ip-v6-prefix 2001:DB8::/48
/*Default Mapping Rule maps to IPv6 prefix in ext-domain configuration*/
Router(config-nat64-mapt)# basic-mapping-rule
/*Basic Mapping Rule maps to IPv6 prefix in cpe-domain configuration.*/
Router(config-nat64-mapt-bmr)# ip-v6-prefix 2001:db8:0002:100::/48 
Router(config-nat64-mapt-bmr)# ip-v4-prefix 192.0.2.1/24
Router(config-nat64-mapt-bmr)# port-parameters share-ratio 256 start-port 1024

Note


contiguous-ports isn’t a configurable parameter. It’s derived as follows:

contiguous-ports = start-port / share-ratio.

When start-port is 1024 and share-ratio is 256, the contiguous-ports value is 4.


Running Configuration
MAP-T Domain 3
   Mode MAP
   Default-mapping-rule
      Ip-v6-prefix 2001:DB8::/48
   Basic-mapping-rule
      Ip-v6-prefix 2001:db8:0002:100::/48
      Ip-v4-prefix 192.0.2.1/24
      Port-parameters
         Share-ratio 256   Contiguous-ports 4   Start-port 1024
         Share-ratio-bits 8   Contiguous-ports-bits 2   Port-offset-bits 7
Verification
Router# sh nat64 statistics 
NAT64 Statistics

Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Sessions found: 1
Sessions created: 1
Expired translations: 0
Global Stats:
          ....
          ....
          ....
         MAP-T: 612970
         MAP-E: 0

Overview of MAP-T Logging

MAP-T Logging feature records and exports the IPv4 to IPv6 and IPv6 to IPv4 address translation information to the server. It captures all the following information and stores in the server as a template. It helps to map which IPv4 address translated to which corresponding IPv6 address, and vice versa.

A single translated flow captures the following details:

  • IPv4 source address

  • IPv4 destination address

  • Source port

  • Destination port

  • VRF name configured in CPE-domain

  • VRF name configured in EXT-domain

  • Timestamp

  • IPv6 source address

  • IPv6 destination address

Following is the detail information:

  • Ports are not being translated during MAP-T conversion so there is no pre-NAT or post-NAT display. Only one pair of IPv4 or IPv6 address or port is displayed in a MAP-T logging record.
  • There is no indication that MAP-T converted flow is IPv4 to IPv6 or IPv6 to IPv4.

  • The following information is displayed from the point of view IPv4 packet, which is IPv4 to IPv6:

    • The ingress VRF is of IPv4 address, and the egress VRF is of IPv6 address.

    • The Layer 4 destination port and source port are the same as seen in IPv4 packet header.
  • Flows with same address pair in different VRFs are considered as separate flows.

  • Any new flow that comes in, after 512k flows are learnt, is dropped. There is no MAP-T conversion for any new flow.

  • Output interface is not displayed in the records.

  • A 60 second timer runs by default for all flows. If any flow is active for 60 seconds, it is exported out. This is to ensure high availability. If a line card went down or there was a network process failure, all learned flow available in the system for at least 60 seconds will not be lost.

Restrictions

  • Ipv4 to IPv6 and IPv6 to IPv4 address translation flow for same pair of address is considered as a single flow if IPv4 to IPv6 and IPvV6 to IPv4 traffic is on same network process. Flow learning across different network process cannot be considered as the same flow on that line card. If they are on a different network process, they are considered as two different flow. Flow collector application can identify unique flows.

  • There is a 3-second deviation in flow expiration timer as it takes 3 seconds to scan all the 512k flows.

Configuration Example

/* Configure the MAP-T Monitor command */
RP/0/RSP0/CPU0:ios(config)# flow monitor-map map1 
RP/0/RSP0/CPU0:ios(config-fmm)# record map-t
RP/0/RSP0/CPU0:ios(config-fmm)# exporter exp1

/* Apply the MAP-T monitor in the ingress interface where translation happens */
RP/0/RSP0/CPU0:ios(config)# interface HundredGigE 0/0/0/2
RP/0/RSP0/CPU0:ios(config-if)# flow map-t monitor map1 ingress

/* Configure the interface in Border Relay (BR) to export the flows to Logging server*/
RP/0/RSP0/CPU0:ios(config)# flow exporter-map exp1
RP/0/RSP0/CPU0:ios(config-fem)# version v9 
RP/0/RSP0/CPU0:ios(config-fem)# source TenGigE0/4/0/2 
/* Configure the IP address of the server interface */
RP/0/RSP0/CPU0:ios(config-fem)# destination 10.0.0.1