Network Prefix Translation

Network Prefix Translation (NPt) allows us to map an internal IPv6 prefix to an external IPv6 prefix. Normally, we try to avoid using NAT when we use IPv6, but there are some cases where being able to translate IPv6 prefixes is helpful:

  • It provides a means of implementing multihoming (connecting a host or network to multiple networks) on small networks. Another method is DHCPv6.
  • It potentially makes routing more efficient, as it makes addresses on edge networks independent of addresses on upstream networks, and the upstream networks can then work only with the contiguous ISP-allocated addresses, which will make route summarization easier (and our routing tables much smaller).

NPt functions similarly to 1:1 NAT for IPv4 addresses, only in this case, we are translating prefixes, not complete addresses. We can also use NPt to translate addresses between two private IPv6 networks. In such cases, both networks could use ULA prefixes, or one network could have a ULA prefix and the other could use global unicast addresses.

It should be noted that the IETF recommends using DHCPv6 instead of NPt; the reasons for this were enumerated in RFC 7157. The most compelling reasons for avoiding use of NPt are as follows:

  • IPv6 allows for end-to-end connectivity, but NPtv6 does not, and whenever possible, end-to-end connectivity is desirable.
  • DHCPv6 is a more suitable solution to solve many of the most likely multihoming issues.

Nonetheless, NPt may be necessary as an intermediate solution, and fortunately, pfSense provides the capability of implementing NPt. To create an NPt entry, follow these steps:

  1. Click on the NPt tab and click on one of the Add buttons on the page.
  2. There is only one section on the page: Edit NAT NPt Entry.
  3. Checking the Disable checkbox will disable the rule. The Interface drop-down box allows you to select the interface to which the rule applies (once again, it's usually WAN).
  4. The first Address edit box is where you enter the internal ULA IPv6 prefix that will be selected.
  5. You also need to select the CIDR for the prefix.
  6. In the second Address edit box, you enter the external, global unicast routable IPv6 prefix (you must specify the CIDR of the prefix here as well). Both the internal and destination (external) prefixes have corresponding Not checkboxes you can use to invert the sense of the match.

     Per RFC 6296, if the prefix lengths for the internal and external networks do not match, then the shorter of the two prefixes will be zero-extended. They are then both zero-extended to /64 for the purposes of a calculation.
  7. The last option is the Description edit box, where you can enter a non-parsed description.
  8. Once you have entered all the information, click on the Save button and the Apply Changes button on the NAT page.
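
The calculation mentioned in the RFC 6296 note is a checksum-neutral prefix rewrite. The following Python sketch is an added example, not code from the book or from pfSense; the function names and the sample prefixes are chosen for illustration. It shows how the zero-extended prefixes produce a fixed adjustment that is folded into one 16-bit word of the address, so that transport checksums stay valid without being recomputed.

```python
import ipaddress

def oc_add(a, b):
    """16-bit one's complement addition (end-around carry)."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)

def words(addr):
    """Split an IPv6 address into its eight 16-bit words."""
    raw = ipaddress.IPv6Address(addr).packed
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, 16, 2)]

def oc_sum(addr):
    """One's complement sum of the address's 16-bit words."""
    total = 0
    for w in words(addr):
        total = oc_add(total, w)
    return total

def npt_translate(addr, from_prefix, to_prefix):
    """Rewrite addr from from_prefix into to_prefix, checksum-neutrally."""
    src = ipaddress.IPv6Network(from_prefix)
    dst = ipaddress.IPv6Network(to_prefix)
    # Zero-extend the shorter prefix: the host bits of a network address
    # are already zero, so both prefixes simply take the longer length.
    plen = max(src.prefixlen, dst.prefixlen)
    ip = ipaddress.IPv6Address(addr)
    if ip not in ipaddress.IPv6Network((src.network_address, plen)):
        raise ValueError(f"{addr} is not inside {src.network_address}/{plen}")
    # Adjustment = sum(from prefix) - sum(to prefix), in one's complement.
    adj = oc_add(oc_sum(src.network_address),
                 ~oc_sum(dst.network_address) & 0xFFFF)
    # Overwrite the prefix bits and keep the remaining bits of the address.
    host_mask = (1 << (128 - plen)) - 1
    w = words(int(dst.network_address) | (int(ip) & host_mask))
    # /48 or shorter: adjust the subnet word; longer: first non-0xFFFF word.
    if plen <= 48:
        idx = 3
    else:
        idx = next((i for i in range(max(4, -(-plen // 16)), 8)
                    if w[i] != 0xFFFF), None)
        if idx is None:
            raise ValueError("no adjustable word; such a packet is dropped")
    w[idx] = oc_add(w[idx], adj)
    if w[idx] == 0xFFFF:  # 0xFFFF and 0 are both zero in one's complement
        w[idx] = 0
    return str(ipaddress.IPv6Address(b"".join(x.to_bytes(2, "big") for x in w)))

if __name__ == "__main__":  # constructed sample: ULA /48 to documentation /48
    print(npt_translate("fd01:203:405:1::1234", "fd01:203:405::/48", "2001:db8:1::/48"))
```

Calling the function with the two prefixes swapped performs the inbound (external to internal) translation, because the adjustment then takes the opposite sign.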