Alice AUSTIN

Alice AUSTIN is studying Cisco Systems Engineering. He has passion with both hardware and software and writes articles and reviews for many IT websites.

15 thoughts on “IPv6 With NAT

  • At 4:30, FD10::3 is unique local, not global scope. Great video nonetheless!

  • People that think IPv4 NAT was only for solving "Running out Addresses" needs a History lesson. Most ISP for SOHO only ever gave 1 v4 address. Also many ISP expect 1 MAC per Account "in the old days" and Why Older Routers could Copy the MAC from a PC because a LOT of ISP had Very Long DHCP Lease or Worse so your Router Won't Connect without Spoofing the PC that created the account. Plus many people Do Not want everything seen by the ISP and Public like Printers that most still have little security. NAT on v6 is soon to be important to many because Some ISP data plans not only Cap but soon Restrict the Number of Devices.

  • The way it was explained to me is fe::123 addresses are similar to 169.254.x.x in ipv4

    fd::123 addresses are similar to the class A,B,C LAN addresses in ipv4. Ie, 10.x.x.x 172.16.x.x 192.168.x.x

    When you do a mix of reserved static LAN addresses and dhcp where you want to create subnets and do routing behind NAT, it gets complicated. Mainly because we think in decimal not hexadecimal. I’m sure there are tricks for this that people have, but most still find very little reason to do local ipv6 and ipv6 NAT/DHCP.

  • Is it possible to do this without a routable external IPv6 wan address but with a natted nat64 but everything routes through ipv4 on wan?

  • LOL , and do you put static routes for VPN subnets on your default gateways ???

  • This video shows 2 things. What the author intended. And why IPV6 is not moving the needle.

    I really don't get the idea that people want to place the IP behind their firewall on their private LANs. While I will concede I am no guru, the ethos of running short of addresses (IP4) was meant to be solved by IP6. The device is meant to be one amongst the billions. But then we're back to it having no real better built in security over IP4, so before you know it, people want to wrap it in a FW and put it not on the net. But hey, lets start NATing.

    Honestly, my dumb interpretation is its not hard to see why people have not shifted to IP6. And I have to say, its hard to see it picking up any progress. Its basically had its time. Its not won out. The VHS has won over the BetaMax..

  • Like I pointed out before, using ULA addresses on your LAN is more or less pointless. Devices will use IPv4 in preference to ULA addresses so your IPv6 will only be used for outgoing connection to things that don't have IPv4, in other words IPv6 will as good as never used except during testing.
    I guess you could use ULA addresses with NPT for incoming connections but there is no point. You're going to need to know the actual routable public address so you can tell people how to connect in to you. You might as well not do NPT it and use the real address all the way through to the device.
    Finally, don't forget, if for some unfathomable reason you feel you must be able to memorise your ULA addresses and choose simple rememberable ones then you are ignoring the guidelines in RFC 4193 and going you own weird non standard way.

  • While NAT behind a single wan IP maybe possible, the proper way to do NAT in V6 is NATPT.

    We should get people off the idea of masquerading behind 1 IP.

    The 1:1 method to swap public global /48 bits with private fd00:/8 48 bits its far better.

    However some things the application layer could break during translation. But thats true for any NAT.

    FD00:/8 will allow you to quickly swap providers whether you move provider or whether you need ISP fail overs without owning your own address space.

  • Great explanation as always, Paul. Thanks for this. Will have to bite the IPV6 bullet one day!

  • Thank you for the 10 mile high overview. I now understand a lot more about the parts of IPV6 I didn't know about and never could find the details of. I have no idea how to implement this but it's good to know it can be done and how it's all related. Someday I will have seen enough to attempt it but for now I'm really glad you did such a good job of explaining it.

    I do travel in a motor home a few times a year and use a couple of hotspots for internet connectivity. I understand kinda how you might have a fairly fixed IPV6 address from your ISP at home, but when you are on the road, I suspect you would have different addresses each time the hotspot connected to a different tower. I wonder how you might configure things to avoid reconfiguring things in that case?

    Cheers,
    Jim

  • That was good. Cleared up some problems I was having understanding the set up of an IPv6 network. Looks a lot more straight forward than I thought it was. Thanks.

Comments are closed.