NAT66 Experimental Draft - RFC6296
Olipro
olipro at 8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa
Sat Jul 23 17:59:16 CEST 2011
Greetings to all,
So, it would appear that things on the NAT66 front have progressed from the
IETF over to RFC status.
Whilst NAT66 is certainly something that could prove invaluable if you wish to
set up a network without having to worry about renumbering problems down the
line, it does also raise the issue of making a number of daft things possible
- namely, whilst the RFC does state that the NAT/NPT itself will only perform
1:1 mappings, it doesn't make any requirement that you must not use it with
connection tracking or anything else that could run atop the translator and
affect exactly what addresses it translates to.
As a result, I can foresee the possibility of using stateful connection
tracking to do something along the lines of multiplexing a global unicast
address to multiple clients on the internal side of the network by giving them
all separate ULA addresses and then setting up conntrack rules to affect the
translations that will occur, which sounds to me like a recipe for someone,
somewhere thinking he can get away with a single global unicast subnet of the
minimum required size and stick everyone he serves on ULA addresses... Or
maybe I'm just being too pessimistic.
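The contrast the post draws, as an added example that is not part of the original message and not code from the RFC or any translator implementation: a toy NPTv6 translator doing the stateless 1:1 prefix rewrite of RFC 6296 (the prefix bits are swapped and the one's complement difference of the two prefixes is folded into the 16-bit word at bits 64-79, so transport checksums stay valid without the translator touching them), next to a stateful many-to-one overlay of the kind the poster expects someone to layer on top. The prefixes, host addresses and port numbers are constructed for the demo, and the translator is restricted to /64 prefixes; RFC 6296 also covers shorter prefixes, which are left out here.

```python
"""Added example (not from the original ipv6-ops post): RFC 6296 style
1:1 NPTv6 mapping versus a stateful many-to-one overlay.

Addresses use documentation (2001:db8::/32) and ULA (fd00::/8) space and
are constructed for this demo; the translator handles /64 prefixes only.
"""
import ipaddress


def ones_complement_sum(words):
    """16-bit one's complement sum with end-around carry (checksum math)."""
    total = 0
    for w in words:
        total += w
        total = (total & 0xFFFF) + (total >> 16)
    return total


def address_words(addr):
    """Eight 16-bit words of an IPv6 address, most significant first."""
    packed = ipaddress.IPv6Address(addr).packed
    return [int.from_bytes(packed[i:i + 2], "big") for i in range(0, 16, 2)]


def words_to_address(words):
    return ipaddress.IPv6Address(b"".join(w.to_bytes(2, "big") for w in words))


def npt_translate(addr, from_prefix, to_prefix):
    """Stateless 1:1 prefix translation between two /64 prefixes.

    Bits 0-63 are replaced, and the one's complement difference between the
    old and new prefix sums is added to the word at bits 64-79, so the sum
    over the whole address (and hence any pseudo-header checksum) is
    unchanged. No per-flow state is kept: the same input always gives the
    same output, in both directions.
    """
    src = ipaddress.IPv6Network(from_prefix)
    dst = ipaddress.IPv6Network(to_prefix)
    if src.prefixlen != 64 or dst.prefixlen != 64:
        raise ValueError("this example only handles /64 prefixes")
    if ipaddress.IPv6Address(addr) not in src:
        raise ValueError(f"{addr} is not inside {from_prefix}")

    words = address_words(addr)
    new_prefix = address_words(dst.network_address)[:4]
    old_sum = ones_complement_sum(words[:4])
    new_sum = ones_complement_sum(new_prefix)
    # old_sum - new_sum in one's complement is old_sum + (~new_sum)
    adjustment = ones_complement_sum([old_sum, (~new_sum) & 0xFFFF])

    words[:4] = new_prefix
    adjusted = ones_complement_sum([words[4], adjustment])
    # 0xFFFF and 0x0000 are the same value in one's complement; keep 0x0000
    # so that translating back yields the original word.
    words[4] = 0 if adjusted == 0xFFFF else adjusted
    return str(words_to_address(words))


def checksum_neutral(addr_a, addr_b):
    """True if both addresses have the same one's complement sum."""
    sa = ones_complement_sum(address_words(addr_a)) % 0xFFFF
    sb = ones_complement_sum(address_words(addr_b)) % 0xFFFF
    return sa == sb


class StatefulOverlay:
    """Many-to-one 'conntrack' layer: every internal host is rewritten to one
    external address and told apart only by a translator-allocated port.
    This is the NAPT behaviour a plain 1:1 NPTv6 box does not provide."""

    def __init__(self, external_addr, first_port=40000):
        self.external_addr = external_addr
        self.next_port = first_port
        self.table = {}  # (internal_addr, internal_port) -> external_port

    def outbound(self, internal_addr, internal_port):
        key = (internal_addr, internal_port)
        if key not in self.table:          # new flow: allocate state
            self.table[key] = self.next_port
            self.next_port += 1
        return self.external_addr, self.table[key]


INTERNAL = "fd01:203:405:1::/64"   # constructed ULA prefix
EXTERNAL = "2001:db8:1:1::/64"     # constructed global prefix


def demo():
    """Translate one host out and back, then multiplex two hosts statefully."""
    inside = "fd01:203:405:1::1"
    outside = npt_translate(inside, INTERNAL, EXTERNAL)
    back = npt_translate(outside, EXTERNAL, INTERNAL)
    overlay = StatefulOverlay("2001:db8:1:1::ffff")
    a = overlay.outbound("fd01:203:405:1::a", 1234)
    b = overlay.outbound("fd01:203:405:1::b", 1234)
    return {"outside": outside, "back": back,
            "neutral": checksum_neutral(inside, outside),
            "overlay": (a, b)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The 1:1 translator needs no table at all, which is the property the RFC gives you; the overlay class is where the state, the port allocation, and the shared global address come from, and nothing in the 1:1 mapping prevents someone from stacking it underneath.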