Monday 21 October 2019

Configuring NAT with IPv6 on Cisco Router

This article explains how NAT relates to IPv6 on a Cisco router. The issue of IPv4 address space depletion has been a priority for the IETF since the early 1990s. The combination of private IPv4 addresses defined in RFC 1918 and NAT played a decisive role in delaying this exhaustion. NAT has considerable disadvantages, and in January 2011, IANA assigned its last IPv4 addresses to RIRs.
One unintended benefit of NAT for IPv4 is that it hides the private network from the public Internet. NAT has the advantage that it offers a considerable level of security by denying computers on the Internet access to internal hosts. However, it should not be considered a substitute for adequate network security, such as that provided by a firewall.

Is NAT possible with IPv6?

In RFC 5902, the Internet Architecture Board (IAB) included the following quote on the translation of IPv6 network addresses:

“In general, it is believed that a NAT box provides a level of protection because external hosts cannot directly initiate a communication with the hosts behind a NAT. However, NAT boxes should not be confused with firewalls. As discussed in section 2.2 of RFC4864, the act of translation itself does not provide security. The state filtering function can provide the same level of protection without requiring a translation function.”

With a 128-bit address, IPv6 provides 340 sextillion addresses. Therefore, address space is not a problem. IPv6 was developed with the intention of making NAT for IPv4, with its translation between public and private IPv4 addresses, unnecessary. However, IPv6 does implement a form of NAT. IPv6 includes both its own private address space and NAT, which are implemented differently from their IPv4 counterparts.

UNIQUE LOCAL IPV6 ADDRESSES

Unique local IPv6 addresses (ULAs) resemble private IPv4 addresses defined in RFC 1918, but there are also considerable differences. The purpose of ULAs is to provide IPv6 address space for communications within a local site. They are not intended to provide additional IPv6 address space or a level of security.

As shown in the illustration, ULAs have the prefix FC00::/7, which produces a first hextet ranging from FC00 to FDFF. The next bit is set to 1 if the prefix is assigned locally. It is possible that in the future it can be set to 0. The next 40 bits correspond to a global ID followed by a 16-bit subnet ID. These first 64 bits are combined to create the ULA prefix. This allows the remaining 64 bits to be used for the interface ID or, in terms of IPv4, the host portion of the address.
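The field layout described above can be checked by splitting an address into its parts. The following Python sketch is an added example, not part of the original article; the function name `parse_ula` and the sample addresses are constructed for illustration, and the /48 site prefix is derived from the 7-bit prefix, the local bit and the 40-bit global ID.

```python
import ipaddress

ULA_BLOCK = ipaddress.IPv6Network("fc00::/7")
LINK_LOCAL_BLOCK = ipaddress.IPv6Network("fe80::/10")


def parse_ula(text):
    """Split a unique local address into the fields of the FC00::/7 layout.

    Raises ValueError for anything outside FC00::/7, naming link-local
    addresses explicitly because the two are easy to confuse.
    """
    addr = ipaddress.IPv6Address(text)
    if addr not in ULA_BLOCK:
        kind = "link-local" if addr in LINK_LOCAL_BLOCK else "not unique local"
        raise ValueError(f"{addr} is {kind}, not a ULA")

    value = int(addr)                              # the address as a 128-bit integer
    l_bit = (value >> 120) & 0x1                   # bit after the 7-bit prefix
    global_id = (value >> 80) & ((1 << 40) - 1)    # next 40 bits
    subnet_id = (value >> 64) & 0xFFFF             # next 16 bits
    interface_id = value & ((1 << 64) - 1)         # remaining 64 bits

    # 7-bit prefix + L bit + 40-bit global ID = 48 bits identifying the site;
    # adding the 16-bit subnet ID gives the 64-bit ULA prefix.
    site = ipaddress.IPv6Network(((value >> 80) << 80, 48))
    subnet = ipaddress.IPv6Network(((value >> 64) << 64, 64))
    return {
        "locally_assigned": l_bit == 1,
        "global_id": f"{global_id:010x}",
        "subnet_id": f"{subnet_id:04x}",
        "interface_id": f"{interface_id:016x}",
        "site_prefix": str(site),
        "ula_prefix": str(subnet),
    }


if __name__ == "__main__":
    # Constructed sample addresses, not taken from any real network.
    for sample in ("fd12:3456:789a:1::10", "fc00::1", "fe80::1", "2001:db8::1"):
        try:
            print(sample, parse_ula(sample))
        except ValueError as err:
            print("rejected:", err)
```
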

ULA FEATURES

Unique local addresses are defined in RFC 4193. ULAs are also known as "local IPv6 addresses" (not to be confused with link-local IPv6 addresses) and have several features, including the following:

  • They allow sites to be combined or interconnected privately, without generating conflicts between addresses and without re-numbering the interfaces that use these prefixes.
  • They are independent of any ISP and can be used for communications within a site without having Internet connectivity.
  • They cannot be routed over the Internet; however, if they are accidentally leaked by routing or DNS, there is no conflict with other addresses.

ULAs are not as simple as the addresses defined in RFC 1918. Unlike with private IPv4 addresses, the IETF did not intend for a form of NAT to be used to translate between unique local addresses and global unicast IPv6 addresses.

IPV6 AND NAT

NAT for IPv6 is used in a very different context than NAT for IPv4. NAT varieties for IPv6 are used to provide transparent access between IPv6-only networks and IPv4-only networks. It is not used as a form of translation from private IPv6 to global IPv6.
Ideally, IPv6 should be run natively whenever possible, that is, on IPv6 devices that communicate with each other through IPv6 networks. However, to assist in the change from IPv4 to IPv6, the IETF developed several transition techniques that support a variety of situations from IPv4 to IPv6, such as dual-stack, tunneling and translation.

Dual-stack is when the devices run protocols associated with both IPv4 and IPv6. Tunneling for IPv6 is the process of encapsulating an IPv6 packet within an IPv4 packet. This allows the IPv6 packet to be transmitted through an IPv4-only network.
NAT for IPv6 should not be used as a long-term strategy, but as a temporary mechanism to contribute to the migration from IPv4 to IPv6. Over the years, there were several types of NAT for IPv6, including network address translation / protocol translation (NAT-PT).
