Tip
This is the documentation for the 19.02 version. Looking for the documentation of the latest version? Have a look here.
- orphan:
MAP Parameters¶
MAP Parameters control the behavior of MAP-T and MAP-E. These parameters are
configured by the nat nat64 map parameters
command from within config
mode, which enters config-map-param
mode where the individual values are
set.
From within config-map-param
mode, the following commands are available:
- fragment ignore-df:
Allows TNSR to perform IPv4 fragmentation even when packets contain the do-not-fragment (DF) bit. This improves performance by moving the burden of fragmentation to the endpoint rather than the MAP relay.
- fragment (inner|outer):
Controls whether TNSR will fragment the inner (encapsulated or translated) packets or the outer (tunnel) packets.
- icmp source-address <ipv4-address>:
Sets the IPv4 address used by TNSR to send relayed ICMP error messages.
- icmp6 unreachable-msgs (enable|disable):
When enabled, TNSR will generate ICMPv6 unreachable messages when a packet fails to match a MAP domain or fails a security check.
- pre-resolve (ipv4|ipv6) next-hop <ip46-address>:
Manually configures the next hop for IPv4 or IPv6 routing of MAP traffic, which bypasses a routing table lookup. This increases performance, but means that the next hop cannot be determined dynamically or by routing protocol.
- reassembly (ipv4|ipv6) buffers <bufs>:
The maximum number of cached fragment buffers. Setting a limit can improve resilience to DoS/resource exhaustion attacks.
- reassembly (ipv4|ipv6) ht-ratio <ratio>:
The fragment hash table multiplier, expressed as a ratio such as
1:18
. This ratio, multiplied bypool-size
, determines the number of buckets in the hash table.- reassembly (ipv4|ipv6) lifetime <lf>:
The life time, in milliseconds, of a reassembly attempt. Longer times allow for more accurate reassembly at the expense of consuming more resources and potentially exhausting available fragment resources.
- reassembly (ipv4|ipv6) pool-size <ps>:
The fragment pool size, in bytes. This controls how many sets of fragments can be allocated.
- security-check (enable|disable):
Enables or disables validation of decapsulated IPv4 addresses against the external IPv6 address on single packets or the first fragment of a packet. Disabling the check increases performance but potentially allows IPv4 address spoofing.
- security-check fragments (enable|disable):
Extends the previous security check to all fragments instead of only inspecting the first packet.
- tcp mss <mss-value>:
Sets the MSS value for MAP traffic, typically the MTU less 40 bytes.
- traffic-class tc <tc-val>:
Sets the Class/TOS field of outer IPv6 packets to the specified value.
- traffic-class copy (enable|disable):
When enabled, copies the class/TOS field from the inner IPv4 packet header to the outer IPv6 header. This is enabled by default, but disabling can slightly improve performance.
View MAP Parameters¶
The current value of MAP parameters can be displayed by the show map
command:
tnsr# show map
MAP Parameters
--------------
Fragment: outer
Fragment ignore-df: false
ICMP source address: 0.0.0.0
ICMP6 unreachable msgs: disabled
Pre-resolve IPv4 next hop: 0.0.0.0
Pre-resolve IPv6 next hop: ::
IPv4 reassembly lifetime: 100
IPv4 reassembly pool size: 1024
IPv4 reassembly buffers: 2048
IPv4 reassembly HT ratio: 1.00
IPv6 reassembly lifetime: 100
IPv6 reassembly pool size: 1024
IPv6 reassembly buffers: 2048
IPv6 reassembly HT ratio: 1.00
Security check enabled: true
Security check fragments enabled: false
Traffic-class copy: enabled
Traffic-class value: 0
Name IP4 Prefix IP6 Prefix IP6 Src Pref EA Bits PSID Off PSID Len MTU
---- -------------- ------------- ------------------------ ------- -------- -------- ----
cpoc 192.168.1.0/24 2001:db8::/32 1234:5678:90ab:cdef::/64 16 6 4 1280