IPv6 NPTv6 (Network Prefix Translation)

(Rene Molenaar) #1

This topic is to discuss the following lesson:

(Chris N) #2

Why did I use a loopback with a prefix instead of prefix 2001:DB8:0:23::/64 (the link between NPTv6 and H3)? I tried this the first time but it doesn’t work because H3 will do a neighbor solicitation for 2001:DB8:0:23::1/64 (the translated address). Since nobody responds to that address, the ping fails.

I guess the question is - what if you changed the IP of H1 to 2001:DB8:0:12::2/64 (and swapped G2 to ::1)?

Then the translated address for H1 would be 2001:DB8:0:23::2/64 - so NPTv6 should respond to the neighbour solicitation :wink:

(Lazaros Agapides) #3

Hello Chris.

Yes that makes sense. You might want to try to lab it for confirmation and let us know of your results…

Laz

(Fabrice M) #4

I don’t understand the use of this prefix.
If the prefix is given by an ISP, it does not belong to the customer, and if you are the owner of the prefix, you can use BGP to still make it available.
Is there a practical scenario where there is an advantage to using NPTv6?

Cordially

(Lazaros Agapides) #5

Hello Fabrice

IPv4 and IPv6 are similar in that they separate their respective addresses into two sections. The terminology used is somewhat different however. Where an IPv4 address is separated into the network portion and the host portion using a subnet mask, an IPv6 address is separated into a prefix and a host identifier using the prefix length.

So for an IP address of 2001:DB8:0:12::1/64 as in the lesson, the prefix is 2001:DB8:0:12, the host identifier is ::1 and the prefix length is 64. 64 indicates what part of the address is the prefix, that is, the first 64 bits.

So, when we say that we are applying network prefix translation, what we’re doing is taking the 2001:DB8:0:12 part of the address and replacing it with another prefix, and in this lesson, this other prefix is 2001:DB8:0:23.

So for every packet that comes in to a destination IP address of 2001:DB8:0:12::1, the NPTv6 router will replace the 2001:DB8:0:12 with 2001:DB8:0:23. The resulting mapping will be as follows:

2001:DB8:0:12::1 will map to 2001:DB8:0:23::1
2001:DB8:0:12::2 will map to 2001:DB8:0:23::2
2001:DB8:0:12::3 will map to 2001:DB8:0:23::3
2001:DB8:0:12::4 will map to 2001:DB8:0:23::4
2001:DB8:0:12::5 will map to 2001:DB8:0:23::5
etc…

So this is indeed a one to one mapping.

Now the prefix may be owned by you, or it may be the prefix that the ISP is giving you as part of your connectivity package. The NPT need not be applied at the edge of your network; it may even be applied inside your network.

Some practical scenarios where this can be useful are included in the lesson. Specifically:

  • Address independence: you don’t have to change your IPv6 prefixes on your local network when your global IPv6 prefix changes. On the other hand, IPv6 renumbering is not so bad compared to IPv4.
  • ULAs (Unique Local Addresses): NPTv6 translates the prefix in your ULAs to a global prefix that is routable on the Internet.
  • Access-lists: Your host has two IPv6 addresses and only one of them is permitted through some firewall. Your host won’t know which source address is permitted through the firewall so by using NPTv6, you can translate the address to a prefix that is permitted through the firewall.

The IETF stipulates that NPTv6 provides what they call “address independence.” More about this can be found here:
https://tools.ietf.org/id/draft-mrw-nat66-08.html#rfc.section.1.2

I hope this has been helpful!

Laz

1 Like
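The one-to-one mapping described in the post above, as an added Python example (not code from the lesson or from any router implementation). It assumes 2001:DB8:0:12::/64 is the inside prefix and 2001:DB8:0:23::/64 the outside prefix, and the class and function names are hypothetical. It models only the plain prefix swap shown in the mapping list, not the checksum-neutral adjustment defined in RFC 6296.

```python
import ipaddress


class PrefixTranslator:
    """Stateless 1:1 IPv6 prefix swap (hypothetical helper, not a vendor API)."""

    def __init__(self, inside, outside):
        self.inside = ipaddress.IPv6Network(inside)
        self.outside = ipaddress.IPv6Network(outside)
        # A 1:1 mapping only exists when both prefixes leave the same
        # number of host-identifier bits.
        if self.inside.prefixlen != self.outside.prefixlen:
            raise ValueError("prefix lengths must match for a 1:1 mapping")

    @staticmethod
    def _swap(addr, src, dst):
        addr = ipaddress.IPv6Address(addr)
        if addr not in src:
            raise ValueError(f"{addr} is not inside {src}")
        # Keep the host identifier bits, replace only the prefix bits.
        host_bits = int(addr) & int(src.hostmask)
        return ipaddress.IPv6Address(int(dst.network_address) | host_bits)

    def to_outside(self, addr):
        """Translate an inside address to its outside counterpart."""
        return self._swap(addr, self.inside, self.outside)

    def to_inside(self, addr):
        """Reverse direction. No session state is consulted, so every
        address in the outside prefix has an inside counterpart."""
        return self._swap(addr, self.outside, self.inside)


def mapping_table(translator, host_ids):
    """Return (inside, outside) string pairs for the given host identifiers."""
    base = int(translator.inside.network_address)
    rows = []
    for host_id in host_ids:
        inside = ipaddress.IPv6Address(base | host_id)
        rows.append((str(inside), str(translator.to_outside(inside))))
    return rows


if __name__ == "__main__":
    npt = PrefixTranslator("2001:DB8:0:12::/64", "2001:DB8:0:23::/64")
    for inside, outside in mapping_table(npt, range(1, 6)):
        print(f"{inside} will map to {outside}")
```

Because the reverse mapping needs no prior outbound packet, any access-list written against one prefix has to be checked against the translated prefix as well.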