NAT for IPv6

NAT and private IPv4 addresses have slowed the depletion of IPv4 addresses, but NAT has some disadvantages. The one major benefit attributed to NAT is security. It hides the private IPv4 network from the public Internet, which provides a perceived level of security by preventing computers on the public Internet from accessing internal hosts. However, NAT is not a substitute for proper network security, such as the security provided by a firewall.

In RFC 5902, the IAB included the following statement about NAT for IPv6: “It is commonly perceived that a NAT box provides one level of protection because external hosts cannot directly initiate communication with hosts behind a NAT. However, one should not confuse NAT boxes with firewalls. As discussed in [RFC4864], Section 2.2, the act of translation does not provide security in itself. The stateful filtering function can provide the same level of protection without requiring a translation function. For further discussion, see [RFC4864], Section 4.2.”

The IPv6 addressing scheme provides 340 undecillion addresses. It has its own private address space and its own forms of NAT, which are implemented differently than they are for IPv4.

IPv6 Unique Local Addresses (ULA)

These addresses are similar to the private addresses of IPv4, but there are major differences between the two. The intent of IPv6 Unique Local Addresses (ULA) is to provide IPv6 address space for communications within a local site. ULA is not meant to provide additional IPv6 address space, and it does not provide any level of security.

The prefix for IPv6 Unique Local Addresses (ULA) is FC00::/7, which gives a first-hextet range of FC00 to FDFF. The figure below illustrates the Unique Local Addresses (ULA).

[Figure: IPv6 Unique Local Address (ULA) format]

After the 7-bit prefix, the next bit is set to 1 if the prefix is locally assigned. The value 0 may be defined in the future. The next 40 bits are a randomly generated global ID, followed by a 16-bit Subnet ID. These first 64 bits make up the ULA prefix. The remaining 64 bits are used as the interface ID. These addresses are defined in RFC 4193. ULAs are also known as local IPv6 addresses.

ULAs allow sites to be privately interconnected without creating any address conflicts. The addresses can be used independently of any ISP and can be used for communications within a site that has no Internet connectivity. Like RFC 1918 private IPv4 addresses, ULAs are not routable across the Internet; however, if they are accidentally leaked through routing or DNS, they do not conflict with any other addresses.
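The field layout described above, worked through in Python as an added example (not code from the original article): parse_ula splits an address into the L bit, global ID, subnet ID and interface ID, and new_site_prefix builds a locally assigned /48. The function names are hypothetical, the sample addresses are constructed, and the global ID is drawn from the operating system's random generator rather than the sample algorithm given in RFC 4193.

```python
import ipaddress
import secrets
from dataclasses import dataclass

ULA_BLOCK = ipaddress.IPv6Network("fc00::/7")

@dataclass(frozen=True)
class UlaFields:
    l_bit: int         # 1 = locally assigned, 0 = not yet defined
    global_id: int     # 40-bit randomly generated site identifier
    subnet_id: int     # 16-bit subnet within the site
    interface_id: int  # remaining 64 bits

def parse_ula(text):
    """Split a ULA into its RFC 4193 fields; None if outside fc00::/7."""
    addr = ipaddress.IPv6Address(text)
    if addr not in ULA_BLOCK:
        return None
    n = int(addr)
    return UlaFields(
        l_bit=(n >> 120) & 0x1,
        global_id=(n >> 80) & 0xFFFFFFFFFF,
        subnet_id=(n >> 64) & 0xFFFF,
        interface_id=n & 0xFFFFFFFFFFFFFFFF,
    )

def new_site_prefix(global_id=None):
    """Build a locally assigned /48: 7-bit prefix, L=1, 40-bit global ID."""
    if global_id is None:
        # Assumption: OS CSPRNG, not the sample algorithm in RFC 4193.
        global_id = secrets.randbits(40)
    if not 0 <= global_id < (1 << 40):
        raise ValueError("global ID must fit in 40 bits")
    top48 = (0xFD << 40) | global_id  # 0xFD = 1111110 (prefix) + L bit 1
    return ipaddress.IPv6Network((top48 << 80, 48))

def subnet(site, subnet_id):
    """Return the /64 for a 16-bit subnet ID inside a site's /48."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet ID must fit in 16 bits")
    return ipaddress.IPv6Network(
        (int(site.network_address) | (subnet_id << 64), 64))

if __name__ == "__main__":
    site = new_site_prefix()
    print("site prefix:", site, " first subnet:", subnet(site, 1))
    # Constructed sample addresses: ULA (L=1), ULA (L=0), documentation GUA.
    for sample in ("fd12:3456:789a:1::1", "fc00::1", "2001:db8::1"):
        print(sample, "->", parse_ula(sample))
```

Because the 40-bit global ID is random, two sites that generate their prefixes independently are very unlikely to collide when they are later interconnected, and parse_ula can be run over firewall or DNS logs to spot ULA addresses that have leaked outside the site.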

IPv6 was not designed to use a form of NAT to translate between unique local addresses and IPv6 global unicast addresses. The implementation and possible uses of IPv6 unique local addresses are still being examined by the Internet community.

NAT for IPv6

There are several varieties of NAT for IPv6, which provide transparent access between IPv6-only and IPv4-only networks. NAT for IPv6 is not used as a form of private IPv6 to global IPv6 translation, the way NAT is used for IPv4 addresses.

IPv6 devices should communicate with each other over IPv6 networks. However, to accommodate the transition from IPv4 to IPv6, the IETF has developed several techniques, including dual-stack, tunnelling, and translation.

In the dual-stack method, both IPv4 and IPv6 run on the devices in parallel. Tunnelling is the method of encapsulating an IPv6 packet inside an IPv4 packet, which allows the IPv6 packet to be transmitted over an IPv4-only network. NAT for IPv6 cannot be used as a long-term approach. It is only a temporary method to assist in the transition from IPv4 to IPv6. NAT for IPv6 has several methods, including Network Address Translation-Protocol Translation (NAT-PT) and NAT64.