[arin-ppml] The role of NAT in IPv6
matthew at matthew.at
Fri Mar 26 18:03:49 EDT 2010
Scott Leibrand wrote:
> On Fri 3/26/2010 2:54 PM, Matthew Kaufman wrote:
>> Please explain how you intend to eliminate manual renumbering for
>> corporate internal networks every time they change ISPs.
>> (And note that RA and even DHCP6 don't fix all the manual setup of
>> things like "what is the address of the intranet web server".)
>> There is a real cost to this, and the cost of a NAT device is pretty
>> much paid off the first or second time you're forced to renumber.
>> Matthew Kaufman
> So it sounds like you're describing something like private IPv6
> addresses on the inside, NAT66 at the edge, doing 1:1 mapping of the
> inside private IPv6 prefix to the currently-active outside public IPv6
> Does that accurately describe this use case?
That should be sufficient, yes. And of course I'd want my private IPv6
to come from a range I was sure nobody I ever acquired or was acquired
by was using.
Address overloading is probably not necessary.
A nice side effect is that I can have my NAT tweak the bottom 64 bits in
case my hosts insist on exposing details of their MAC address there
(which I consider to be a security problem).
More information about the ARIN-PPML