Extraction of IPv4 Addresses Embedded in IPv6 Addresses

Feature Summary and Revision History

Summary Data

Applicable Product(s) or Functional Area

ECS

Applicable Platform(s)

  • ASR 5500

  • VPC-DI

  • VPC-SI

Feature Default

Disabled - License Required

Related Changes in This Release

Not applicable

Related Documentation

ECS Administration Guide

Command Line Interface Reference

Revision History

Revision Details

Release

Feature Description

Learning an IPv4 address that is embedded in an IPv6 address through DNS snooping requires matching the IPv4 format against the address learnt from the DNS response.

In this release, IPv4 extraction is done by enhancing the existing Command Line Interface (CLI) for the Well-known prefix and the Network-specific prefix. For more information on these prefixes, refer to RFC 6052.

After the required changes are made in the CLI, the IPv4 address is extracted and the lookup of the IPv4 address is done using the learnt address pool.

Relationships to other Features

This feature is related to the DNS Snooping feature. For more information about the DNS Snooping feature, refer to the DNS Snooping chapter in the ECS Administration Guide.

License Requirements

The Extraction of IPv4 Addresses Embedded in IPv6 Addresses feature requires the same license as DNS Snooping. Contact your Cisco account representative for detailed information on specific licensing requirements. For information on installing and verifying licenses, refer to the Managing License Keys section of the Software Management Operations chapter in the System Administration Guide.

How it Works

The following procedure describes the steps to be followed for IPv4 address extraction:

  1. P-GW monitors all responses sent to the UE.

  2. P-GW snoops only the DNS response and identifies all the IP addresses resulting from the DNS response.

  3. The first data packet from the IPv4 device reaches the P-GW.

  4. The Session Manager receives data indication and routes the packet to the ACS manager.

  5. The ACS manager analyzes the packet and assigns a data session for the flow.

  6. Prefix matching is done based on the configured prefix.

If the prefix matches, the IPv4 address is extracted and stored in the ACS data session. The extracted IPv4 address is then looked up in the IPv4 address pool. If it is found there, the traffic is matched with the DNS snooping rule. If it is not found, the traffic is checked against the other rules.

Restrictions

This section identifies the restrictions to be applied in CLI for IPv4 address extraction.

Prefix-Set Restrictions:

  • Allows network-specific prefixes and well-known prefixes, but restricts other prefixes.

  • Restricts configuring multiple mask values under the same prefix-set.

  • Restricts prefix removal from prefix-set, if the same prefix-set is associated with rule base-strip CLI.

  • Restricts prefix-set removal, if the same prefix-set is associated with rule base-strip CLI.

Rule base Restrictions:

  • Allows network-specific prefixes and well-known prefixes, but restricts other prefixes.

  • Restricts strip CLI configuration, if rulebase prefix length is not matched to the associated prefix-set mask value.

  • Restricts strip CLI configuration, if the rule base associated prefix-set is invalid.

  • Restricts strip CLI configuration, if the available prefix-set is empty.

Associating Rulebase to Prefix-Set

Use the following configuration to associate a rulebase with the prefix-set.

configure
   active-charging service ecs_service_name
      prefix-set prefix_set_name
         exit
      rulebase rulebase_name
         strip server-ipv6 prefix_length prefix-set prefix_set_name
         exit

NOTES:

  • strip server-ipv6 : Matches the prefix of the server IPv6 address against the configured prefix-set and prefix length. If a match is found, the IPv4 address is extracted from the server IPv6 address.

  • prefix_length : Enter one of the values 32, 40, 48, 56, 64, or 96.

  • prefix-set : Configures the active configuration for the Well-known prefix or a Network-specific prefix. You can configure a maximum of 10 IPv6 prefixes in a prefix-set.
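
The prefix match and extraction that strip server-ipv6 describes, as an added Python example that follows the RFC 6052 address layout; it is not Cisco's implementation or code from this guide. The function names, the sample addresses and the learnt pool are constructed for illustration.

```python
import ipaddress

# Prefix lengths permitted by RFC 6052 (the values prefix_length accepts).
VALID_PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)


def extract_embedded_ipv4(server_ipv6, prefix_set, prefix_length):
    """Return the IPv4Address embedded in server_ipv6, or None when no
    prefix in prefix_set covers the address."""
    if prefix_length not in VALID_PREFIX_LENGTHS:
        raise ValueError(f"unsupported prefix length {prefix_length}")
    addr = ipaddress.IPv6Address(server_ipv6)
    for prefix in prefix_set:
        net = ipaddress.IPv6Network(prefix)
        # Mirrors the restriction that the rulebase prefix length must
        # equal the mask value of the associated prefix-set.
        if net.prefixlen != prefix_length:
            raise ValueError(f"{net} does not match /{prefix_length}")
        if addr in net:
            raw = addr.packed
            # The IPv4 bits follow the prefix; octet 8 (bits 64-71, the
            # RFC 6052 "u" octet) is reserved and skipped.
            octets = [i for i in range(prefix_length // 8, 16) if i != 8][:4]
            return ipaddress.IPv4Address(bytes(raw[i] for i in octets))
    return None


def matches_snooped_pool(server_ipv6, prefix_set, prefix_length, learnt_pool):
    """True when the extracted IPv4 address is in the DNS-learnt pool."""
    ipv4 = extract_embedded_ipv4(server_ipv6, prefix_set, prefix_length)
    return ipv4 is not None and ipv4 in learnt_pool


# Constructed sample data: (server IPv6 address, prefix) pairs that all
# embed the documentation address 192.0.2.33, one per prefix length.
SAMPLES = [
    ("2001:db8:c000:221::", "2001:db8::/32"),
    ("2001:db8:1c0:2:21::", "2001:db8:100::/40"),
    ("2001:db8:122:c000:2:2100::", "2001:db8:122::/48"),
    ("2001:db8:122:3c0:0:221::", "2001:db8:122:300::/56"),
    ("2001:db8:122:344:c0:2:2100::", "2001:db8:122:344::/64"),
    ("2001:db8:122:344::c000:221", "2001:db8:122:344::/96"),
    ("64:ff9b::c000:221", "64:ff9b::/96"),  # Well-known prefix
]

if __name__ == "__main__":
    pool = {ipaddress.IPv4Address("192.0.2.33")}  # constructed learnt pool
    for address, prefix in SAMPLES:
        length = ipaddress.IPv6Network(prefix).prefixlen
        print(address, "->", extract_embedded_ipv4(address, [prefix], length),
              matches_snooped_pool(address, [prefix], length, pool))
```

For every prefix length except 32 and 96 the IPv4 bits straddle the reserved octet, so an extractor that simply reads the four bytes after the prefix returns the wrong address.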