IPv4 Network Address Mapping

VPF can map IPv4 addresses from one prefix to another using the netmap algorithm in NAT rules. This works similarly to NPT66 where VPF keeps the host portion of the address constant while translating the subnet prefix. Like NPT66 both prefixes must be identical in size, and the external prefix must be routed to TNSR from upstream.

As with other similar types of NAT, this configuration requires two rules to cover both directions. However, if there is no need to allow inbound connections, the inbound rule can be omitted.

This example maps an internal LAN IPv4 prefix of 10.30.0.0/24 to an external WAN IPv4 prefix of 198.18.0.0/24.

tnsr(config)# vpf nat ruleset WAN-nat
tnsr(config-vpf-nat-ruleset)# rule 90
tnsr(config-vpf-nat-rule)# description Map Outbound
tnsr(config-vpf-nat-rule)# direction out
tnsr(config-vpf-nat-rule)# algorithm netmap
tnsr(config-vpf-nat-rule)# from ipv4-prefix 10.30.0.0/24
tnsr(config-vpf-nat-rule)# nat-prefix 198.18.0.0/24
tnsr(config-vpf-nat-rule)# exit
tnsr(config-vpf-nat-ruleset)# rule 91
tnsr(config-vpf-nat-rule)# description Map Inbound
tnsr(config-vpf-nat-rule)# direction in
tnsr(config-vpf-nat-rule)# algorithm netmap
tnsr(config-vpf-nat-rule)# to ipv4-prefix 198.18.0.0/24
tnsr(config-vpf-nat-rule)# nat-prefix 10.30.0.0/24
tnsr(config-vpf-nat-rule)# exit
tnsr(config-vpf-nat-ruleset)# exit

VPF filter rules must also pass packets as needed based on these addresses.

With these rules in place, if an internal host has an IPv6 address of 10.30.0.100, any IPv4 communication from that host through WAN is translated to the corresponding address in the external prefix, e.g. 198.18.0.100.