Chapter 9 Topology Hiding
IPv6 Support
packet has the endpoint’s IP address as the destination address, and the MGC/SBE IP address as the source address. In Single NAPT, the DBE changes the source address to use the DBE IP address. See the “IPv6 Single NAPT for Signaling” section on page
No NAPT means the received SBC packets do not contain any DBE local addresses because the DBE does not translate any IP addresses and ports during packet forwarding. The DBE rewrites neither the source nor destination addresses and ports in both directions. See the “IPv6 No NAPT Support for Media Flows” section on page
IPv6 Pinholes
DBE support of IPv6 pinholes includes the following functionality:
•The DBE supports forwarding of media from one IPv6 endpoint to another IPv6 endpoint.
•The DBE supports IPv4 and IPv6 endpoints simultaneously. However, no interworking between IPv4 and IPv6 endpoints is supported. IPv4 endpoints can only forward media to other IPv4 endpoints and IPv6 endpoints can only forward media to other IPv6 endpoints.
•The DBE supports configuration of IPv6 pinhole addresses and pinhole address pools.
•DBE supports signaling pinholes using IPv6 addresses.
Support is added for the MGC to specify the address and port in the Megaco local descriptor for terminations as one of the following:
•An address and port that are not owned by the SBC and not configured in a media address range on the SBC, but matching the remote address and port for the other termination in the stream.
•An address range, in the form of a classless interdomain routing (CIDR) mask (for example, 10.13.8.0/21) together with a 0 port number, that does not overlap with any address ranges owned by the SBC or any media address range configured on the SBC, but the address and port match the gm/rsam (Gate Management/remote source address mask) for the other termination in the stream.
SBC recognizes these “local” addresses as signifying Single NAPT pinholes. And if specified for both terminations in the stream, SBC recognizes these addresses as No NAPT pinholes. All pinholes only forward packets to a full destination address and port that was either specified in the remote descriptor or latched to (within a gm/rsam that matches the local address mask).
IPv6 No NAPT Support for Media Flows
To support IPv6 on the DBE deployment, media flows do not support NAPT. No NAPT support means that no IP addresses and ports are translated by the DBE from a private address to a public address (for multiple users to share a single public address).
Because media addresses and ports are not translated, media flows on both sides of the media address are programmed with private, local addresses and ports that do not belong to the DBE. These local addresses and ports are specified by the MGC to match the remote address and port on the opposite side of the media address. Traffic in both directions is addressed directly to the remote endpoint on the other side of the DBE. The DBE rewrites neither the source nor destination addresses and ports in both directions because the DBE does not translate any IP addresses and ports during packet forwarding. Neither the source address nor destination address contains any DBE local media addresses.
Cisco IOS XE Integrated Session Border Controller Configuration Guide for the Cisco ASR 1000 Series Aggregation Services Routers
| ||
|
