multiple prefixes

Philipp Kern phil at philkern.de
Tue Feb 12 10:39:08 CET 2013


On Tue, Feb 12, 2013 at 12:38:27AM -0800, Doug Barton wrote:
> Please demonstrate how these costs pertain to NPT. To the
> application there shouldn't be any difference between operating in
> an NPT environment than operating on GUAs. (This response also
> applies to your comment about skype.)

Every protocol that embeds literal IPv6 addresses (similar to the
situation with NAT64 and DNS64, except for v6) will break, unless it
tries to "discover" its global IP address somehow. That's reasonably
easy in the Skype world where there is central infrastructure.

BitTorrent, for instance, cannot reasonably do it. So if you have one
behind NPT and one behind a stateful firewall you cannot get your
connections through. Jingle signalling, as mentioned by Lorenzo, is
another example. It's also used for voice chats on XMPP. (But TBH I
never tried it between two v6 hosts.)

Obviously it also breaks IPsec AH, but maybe ESP is good enough. RFC6296
lists these considerations on page 6, as Brian already mentioned.

Split DNS is also no fun for end-users who want to connect to multiple
VPNs in a sane way, but I guess I'd just get ivory tower comments for
raising that.

Kind regards
Philipp Kern
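
The breakage described in the message above, as an added example that is not part of the original post: a Python sketch of the checksum-neutral /48 mapping from RFC 6296, showing that the address a host embeds in its payload differs from the source address a remote peer observes. The `peer=...;port=...` message format and the `peer_view` helper are hypothetical; the prefixes are the example values from RFC 6296.

```python
import ipaddress

INTERNAL, EXTERNAL = "fd01:203:405::/48", "2001:db8:1::/48"  # RFC 6296 example prefixes

def ones_sum(words):
    """16-bit one's complement sum with end-around carry."""
    total = 0
    for w in words:
        total += w
        total = (total & 0xFFFF) + (total >> 16)
    return total

def words_of(addr):
    """Split an IPv6 address into eight 16-bit words."""
    raw = ipaddress.IPv6Address(addr).packed
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, 16, 2)]

def npt_translate(addr, src_prefix, dst_prefix):
    """Checksum-neutral /48 to /48 prefix mapping as described in RFC 6296."""
    src_net = ipaddress.IPv6Network(src_prefix)
    dst_net = ipaddress.IPv6Network(dst_prefix)
    if src_net.prefixlen != 48 or dst_net.prefixlen != 48:
        raise ValueError("this sketch only handles /48 prefixes")
    src = words_of(src_net.network_address)[:3]
    dst = words_of(dst_net.network_address)[:3]
    w = words_of(addr)
    if w[:3] != src:
        raise ValueError("address is not inside the source prefix")
    # adjustment = csum(dst) - csum(src) in one's complement arithmetic
    adjustment = ones_sum([ones_sum(src), ~ones_sum(dst) & 0xFFFF])
    subnet = ones_sum([w[3], adjustment])
    if subnet == 0xFFFF:  # RFC 6296: 0xFFFF is replaced by 0x0000
        subnet = 0x0000
    out = dst + [subnet] + w[4:]
    return ipaddress.IPv6Address(b"".join(x.to_bytes(2, "big") for x in out))

def peer_view(host_addr, port):
    """What a remote peer receives from a host behind the translator."""
    # Constructed payload: the host advertises its own (internal) address.
    payload = f"peer={host_addr};port={port}"
    # The translator rewrites only the IPv6 header, never the payload.
    observed_src = npt_translate(host_addr, INTERNAL, EXTERNAL)
    embedded = ipaddress.IPv6Address(payload.split(";")[0].split("=")[1])
    return embedded, observed_src, embedded == observed_src

if __name__ == "__main__":
    embedded, observed, match = peer_view("fd01:203:405:1::1234", 6881)
    print(f"embedded in payload: {embedded}")
    print(f"seen on the wire:    {observed}")
    print(f"addresses agree:     {match}")
```

The transport checksum still validates after translation because the 16-bit sum of the address is unchanged, which is why the mismatch only surfaces at the application layer.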