F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100
66
Figure 61 DS-lite network diagram
As shown in 699HFigure 61, a DS-lite network involves the following parts:
{ Customer Premises Equipment (CPE)
Resides at the customer's premise, connects the customer's network to an Internet Service
Provider (ISP) network, and usually serves as the gateway of the customer's network. As a
tunnel end, the CPE encapsulates IPv4 packets of the customer's network into IPv6 packets and
sends them to the other end of the tunnel, and de-encapsulates IPv6 packets into IPv4 packets
and sends them to the customer's network. Some hosts can serve as the CPE. Such hosts are
referred to as DS-lite hosts.
{ Address Family Transition Router (AFTR)
Resides in the ISP network and serves as both an IPv4 over IPv6 tunnel end and the NAT device.
After IPv6 packets are de-encapsulated into IPv4 packets, the AFTR translates the source
private IPv4 address of each packet into a public IPv4 address and sends the packet to the
destination IPv4 host. The AFTR also translates the destination public IPv4 address of each
response packet into a private IPv4 address, encapsulates the packet into an IPv6 packet, and
forwards the packet to the CPE. In addition, the AFTR records the NAT entries and the IPv6
address of each CPE so that IPv4 networks connected to different CPEs can use the same
address space.
{ DS-lite tunnel
The IPv4 over IPv6 tunnel between the CPE and AFTR which carries IPv4 packets over an IPv6
network.
Private
IPv4 network
DS-lite tunnel
IPv4 network
IPv4 host IPv4 host
CPE
AFTR
IPv6 network
D
S
-
l
i
t
e
t
u
n
n
e
l
DS-lite host
Subscriber network ISP core network Internet