[arin-ppml] The role of NAT in IPv6

Matthew Kaufman matthew at matthew.at
Fri Mar 26 18:03:49 EDT 2010


Scott Leibrand wrote:
> On Fri 3/26/2010 2:54 PM, Matthew Kaufman wrote:
>> Please explain how you intend to eliminate manual renumbering for 
>> corporate internal networks every time they change ISPs.
>>
>> (And note that RA and even DHCP6 don't fix all the manual setup of 
>> things like "what is the address of the intranet web server".)
>>
>> There is a real cost to this, and the cost of a NAT device is pretty 
>> much paid off the first or second time you're forced to renumber.
>>
>> Matthew Kaufman
>
> Matthew,
>
> So it sounds like you're describing something like private IPv6 
> addresses on the inside, NAT66 at the edge, doing 1:1 mapping of the 
> inside private IPv6 prefix to the currently-active outside public IPv6 
> prefix?
>
> Does that accurately describe this use case?
>
> Thanks,
> Scott

That should be sufficient, yes. And of course I'd want my private IPv6 
to come from a range I was sure nobody I ever acquired or was acquired 
by was using.

Address overloading is probably not necessary.

A nice side effect is that I can have my NAT tweak the bottom 64 bits in 
case my hosts insist on exposing details of their MAC address there 
(which I consider to be a security problem).

Matthew Kaufman
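
The 1:1 prefix mapping and the MAC exposure discussed in this message, as an added example that is not part of the original post: a plain prefix swap carries a SLAAC (modified EUI-64) interface ID through unchanged, so the MAC is still recoverable from the outside address. The prefixes, host address, key, and the HMAC-based rewrite in `translate_masked` are assumptions made for illustration, not a scheme proposed in the thread.

```python
import hashlib
import hmac
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits: the interface identifier

# Constructed sample values: a ULA inside prefix, a documentation outside prefix.
INSIDE, OUTSIDE = "fd12:3456:789a::/48", "2001:db8:aaaa::/48"
HOST = "fd12:3456:789a:1:211:22ff:fe33:4455"  # SLAAC address of MAC 00:11:22:33:44:55

def translate_prefix(addr, inside, outside):
    """Stateless 1:1 mapping: swap the inside prefix for the outside one."""
    a = ipaddress.IPv6Address(addr)
    src, dst = ipaddress.IPv6Network(inside), ipaddress.IPv6Network(outside)
    if src.prefixlen != dst.prefixlen or a not in src:
        raise ValueError("address/prefix mismatch for 1:1 mapping")
    return ipaddress.IPv6Address(int(dst.network_address) | (int(a) & int(src.hostmask)))

def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None."""
    iid = (int(ipaddress.IPv6Address(addr)) & IID_MASK).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the flipped U/L bit
    return ":".join(f"{b:02x}" for b in mac)

def translate_masked(addr, inside, outside, key, table):
    """Prefix swap plus a keyed rewrite of the low 64 bits (hypothetical scheme)."""
    out = int(translate_prefix(addr, inside, outside))
    iid = hmac.new(key, (out & IID_MASK).to_bytes(8, "big"), hashlib.sha256).digest()[:8]
    while iid[3:5] == b"\xff\xfe":  # never emit something that parses as EUI-64
        iid = hmac.new(key, iid, hashlib.sha256).digest()[:8]
    masked = ipaddress.IPv6Address((out & ~IID_MASK) | int.from_bytes(iid, "big"))
    table[masked] = ipaddress.IPv6Address(addr)  # state needed to map replies back
    return masked

if __name__ == "__main__":
    plain = translate_prefix(HOST, INSIDE, OUTSIDE)
    print(plain, "leaks MAC", eui64_mac(plain))
    state = {}
    hidden = translate_masked(HOST, INSIDE, OUTSIDE, b"constructed-demo-key", state)
    print(hidden, "leaks MAC", eui64_mac(hidden), "->", state[hidden])
```

Rewriting the interface ID makes the translator stateful for inbound traffic, which the pure prefix swap is not.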
