Support User Manuals

Cisco Systems ASR 1000 Network Router User Manual

Open as PDF

of 112

9-8

Cisco IOS XE Integrated Session Border Controller Configuration Guide for the Cisco ASR 1000 Series Aggregation Services Routers

OL-15421-01

Chapter 9 Topology Hiding

IPv6 Support

Figure 9-2 illustrates a Single NAPT signaling flow through the DBE between user side A and user side

B.

Figure 9-2 Single NAPT Signaling Flow

1. User side A sends a packet from IP address and port 2001:10::10/5060 to the DBE’s local media

address and port 2001:88::8/2028 for this pinhole. User side A only knows the DBE’s local address

and port 2001:88::8/2028. The source IP address is within the specified gm/rsam, so the DBE

matches this packet to the flow.

2. The DBE applies QoS policing and forwards the packet to the MGC (user side B) without rewriting

the source IP address and port. Under Single NAPT processing, the DBE changes the destination

address and port to 2001:11::11/5060 on the MGC (side B) by replacing 2001:88::8/2028 with side

B’s address and port from the remote descriptor on side B. The MGC (side B) does not know about

the 2001:88::8/2028 address and port on the DBE. After the DBE performs latching, the source

address and port from side A becomes, in effect, the destination address and port in step 3 and step

4 for side B.

3. The MGC (side B) sends a packet to user side A with the destination address and port

2001:10::10/5060 copied from the source IP address and port of the packet it just received—that is,

the address and port of side A. The DBE has intercepted the packet and matched it to the side B flow.

4. The DBE applies QoS policing and forwards the packet to side A without rewriting the destination

IP address and port 2001:10::10/5060. However, under Single NAPT processing, the DBE rewrites

the source IP address and port 2001:11::11/5060 to be 2001:88::8/2028, which is the local address

and port of the side A flow.

DBE Restrictions

The following are restrictions of DBE support for IPv6 pinholes:

• DBE does not support IPv6 for control communications with the SBE. H.248 communication with

the controlling SBE is over IPv4 only.

• DBE does not support IPv6 addresses that are not global unicast addresses.

• DBE does not support IPv6 addresses that do not use the default zone.

• DBE does not use the IPv6 Flow Label to classify packets. It continues to use the transport protocol

type (UDP/TCP) and local and remote ports, as with IPv4. Outgoing packets originating from the

DBE, such as DTMF packets, have a Flow Label of 0.

• DBE does not support forwarding between IPv4 and IPv6 endpoints. In particular, 6 to 4 addresses

(prefixed with 2002::/16) are treated as global unicast native IPv6 addresses.

• Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) link-local addresses are not supported.

1

4

2

3

User Side A User Side BDBE

recv

recv

send

send

230525

recv

recv

send

send

10.10.231.15:5060 10.10.231.15:506010.10.231.15:5060 82.19.12.134:5060

2001:10::10/5060 2001:10::10/50602001:88::8/2028 2001:11::11/5060

previous next