Does NAT66 or NPTv6 need it?

By

Does NAT66 or NPTv6 need it?

Let's understand the NAT requirements with an Ipv6 address. Have you ever heard that we don't require NATing with IPv6? Is it true? 

My answer will be yes if you are a CCNA student, otherwise, it is only a half-truth. How? Let's try to understand with a few examples:

1. In Theoretical or book statements, IPv6 does not require any NATing because we have enough IPv6 Addresses. Your ISP might supply a/48 prefixes, so you have more than the required networks or prefixes for your office/home. So mostly you will not have to translate from private to public or vice versa.

But is it a 100% true statement? I think no and practical is also approved no. Let's check other points. 

2. What if your ISP modem does not respond to the Client's RA messages? If you still need Ipv6 Enabled network, then you mostly prefer to use NPTv6. 

3. In the future you might change your ISP and you don't want to be stuck in a face to reconfigure the complete network with the new ISP’s Provider Assigned (PA) IPv6 address space. This means you want to continue your IPv6 Network without a PI address. 

4. You are using a DUAL ISP internet connection with a PA address and still want load balancing with your servers. 

5. You are MSP or have multiple network connectivity and do not want to announce internal Original Subnet/Prefix for security reasons. 

6. and many more reasons. 


Many vendors are supporting NAT66 or NPTv6. As FortiGate, Cisco, Palo Alto, Juniper, OpenSence etc. 

What is the difference between NAT66 and NPTv6?

NAT66 is similar to NAT44. NPTv6 differs from NAT66, which is stateful. With NPTv6, no port translation is required nor other manipulation of transport characteristics. Compared to NAT66, with NPTv6 there is end-to-end reachability along with 1:1 address mapping. This makes NPTv6 a better choice than NAT66

Image Infoblox[.]com

I really like NPTv6 if possible. It is not complicated as NAT44 or NAT66. 

Keeping one question open for you. Let's think about Port Mapping? Does the device need to be aware of complete mapping systems means all transport protocols? 

Port Mapping in NAT44: NAT44 devices often overwrite the source port number in outbound traffic and the destination port number in inbound traffic. 





Comments

Post a Comment

Popular posts from this blog

Dark side of Extreme ELRP Protocols and some best practices

By
Image
This is my first blog here. I hope to continue this blog eventually. I decided to write blogs here only. Previously, I tried several places, like on my website, WordPress, etc. I came back to Blogspot after a long time. Without further delay, let me jump to the subject. Recently, I received an interesting topic from my colleagues. He explained to me that he can't find the loop on the extreme switches. All switches show loop disturbances. Even two or three switches are not accessible. After solving this problem, I have decided to carry out a LAB on this topic. My main focus will be some questions 1. Why are all the switches showing loops, but the loop was only available on one switch? 2. What action should be taken to avoid such complete downtime if the loop is detected again? Designed a LAB with the following information: Let's change some configurations on the switches. I am using the default VLAN for this lab purpose. As MST is enabled by default on the default VLAN. I will d...
Read more

BGP Slow Peer Detection

By
Image
 What is Slow peer detection? We have a group of routers with the same outgoing route-map (outbound policy), which means the router will place all neighbors in the same group because the router wants to save resources to perform the same task multiple times for example: sending route updates.  The router will select a "Leader Router or Neighbor" and perform update or other algorithm tasks and will also replicate to all other routers in the same group.  What if any of one router is too slow due to hardware or software issues? This slow router is called Slow Peer. Slow peers affect the BGP convergence of the entire update group. If one BGP peer is slow, it causes the entire update group to slow down. The result is that the other update group members will have slower convergence as well. For this reason, the issue should be resolved. You can identify the slow peer and move it out of the update group. In order to complete this task, you can change the outbound policy for...
Read more