multiple prefixes

Tore Anderson tore at fud.no
Tue Feb 12 20:03:49 CET 2013


* Matthew Huff

> Do you know of any knowledge base of mainstream commercial network
> equipment (routers, switches, firewalls, load balancers, etc...) that
> supports NPTv6? There seems to be very little equipment on the market
> currently that supports NPTv6.

I'm not familiar with any myself. Others have mentioned that Linux and
FreeBSD have support. Maybe Linux-based appliances like Vyatta or
Mikrotik support it. I don't know.

> IMHO, the push to force end-to-end connectivity (no-nat) that
> pervades the IPv6 community has slowed the growth of IPv6 
> considerably. There are a lot of corporate entities (us included)
> that have no interest in having p2p connectivity. In fact, we do 
> everything possible to block it and will continue to do so in IPv6.
> Imagine if there were wide support for some sort of NAT46 solution so
> that internal networks could stay ipv4 but have ipv6 connectivity
> while they slowly migrate to ipv6. Perhaps they would never move
> internally from ipv4, but externally they could be 100% ipv6. This
> would be fine with the vast majority of corporate networks.

Well, NPTv6 is a form of NAT, but it doesn't in itself block any traffic
in either direction. It's pretty much the same thing as 1:1 NAT44. If
blocking traffic à la NAPT44 is what you want to accomplish, you should
consider getting a firewall of some sort. Or, make the corporate network
a walled garden, and use proxies and such to allow the walled-garden
nodes to access internet resources.

-- 
Tore Anderson
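
Added example, not part of the original message: a Python sketch of the stateless, checksum-neutral prefix mapping that RFC 6296 defines for NPTv6, restricted to /48 prefixes, showing why the translation alone filters nothing. The prefixes and addresses are constructed samples, and the function names are this example's own.

```python
import ipaddress

def csum16(words):
    """One's-complement sum of 16-bit words, folded to 16 bits."""
    s = sum(words)
    while s > 0xFFFF:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def words(addr):
    """Split an IPv6 address into its eight 16-bit words."""
    n = int(ipaddress.IPv6Address(addr))
    return [(n >> (112 - 16 * i)) & 0xFFFF for i in range(8)]

def nptv6(addr, from_prefix, to_prefix):
    """Statelessly rewrite addr from from_prefix into to_prefix (/48 only)."""
    src = ipaddress.IPv6Network(from_prefix)
    dst = ipaddress.IPv6Network(to_prefix)
    if src.prefixlen != 48 or dst.prefixlen != 48:
        raise ValueError("this example handles /48 prefixes only")
    if ipaddress.IPv6Address(addr) not in src:
        raise ValueError("address is outside the prefix being translated")
    w = words(addr)
    if w[3] == 0xFFFF:
        raise ValueError("subnet 0xFFFF cannot be mapped with a /48 prefix")
    new = words(str(dst.network_address))[:3]
    # Adjustment = csum(old prefix) - csum(new prefix) in one's complement,
    # added to the subnet word so TCP/UDP checksums stay valid untouched.
    adj = csum16([csum16(w[:3]), 0xFFFF ^ csum16(new)])
    w[:3] = new
    w[3] = csum16([w[3], adj])
    if w[3] == 0xFFFF:
        w[3] = 0
    n = 0
    for word in w:
        n = (n << 16) | word
    return str(ipaddress.IPv6Address(n))

# Constructed sample prefixes: a ULA inside, a documentation prefix outside.
INSIDE, OUTSIDE = "fd01:203:405::/48", "2001:db8:1::/48"

if __name__ == "__main__":
    print("outbound:", nptv6("fd01:203:405:1::1234", INSIDE, OUTSIDE))
    # Inbound needs no prior outbound packet: there is no session table,
    # so every inside host has a fixed outside address, reachable unless
    # a separate firewall policy says otherwise.
    print("inbound :", nptv6("2001:db8:1:abcd::99", OUTSIDE, INSIDE))
```

Because the mapping is a pure function of the address, any inbound filtering has to come from a separate firewall rule set placed in front of or behind the translator.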



More information about the ipv6-ops mailing list