What is NAT for IPv6 – Exclusive Details

NAT and private IPv4 addresses have slowed down the depletion of IPv4 addresses, but NAT has some disadvantages. The one major benefit provided by NAT is security.

NAT hides the private IPv4 network from the public Internet, providing a perceived level of security by preventing computers on the public Internet from accessing internal hosts. However, NAT is not a substitute for proper network security, such as the security provided by a firewall.

In RFC 5902, the IAB included the following statement about NAT for IPv6: “It is commonly perceived that a NAT box provides one level of protection because external hosts cannot directly initiate communication with hosts behind a NAT. However, one should not confuse NAT boxes with firewalls.

As discussed in [RFC4864], Section 2.2, translation does not provide security. The stateful filtering function can provide the same level of protection without requiring a translation function. For further discussion, see [RFC4864], Section 4.2.”

The IPv6 addressing scheme provides 340 undecillion addresses. IPv6 has its own private address space and its own form of NAT, both of which are implemented differently than they are for IPv4.

IPv6 Unique Local Addresses (ULA)

These addresses are similar to the private addresses of IPv4, but there are major differences between the two. IPv6 Unique Local Addresses (ULAs) are intended to provide IPv6 address space for communications within a local site. They do not provide any additional IPv6 address space and do not provide any level of security.

The ULA prefix is FC00::/7, so the first hextet ranges from FC00 to FDFF. The figure below illustrates the structure of a Unique Local Address.

[Figure: IPv6 Unique Local Address (ULA)]

After the prefix, the next bit is set to 1 if the prefix is locally assigned; the meaning of 0 may be defined later. The next 40 bits are a randomly generated global ID, followed by a 16-bit Subnet ID. These first 64 bits make up the ULA prefix. The remaining 64 bits are used as the interface ID. These addresses are defined in RFC 4193. ULAs are also known as local IPv6 addresses.
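The field layout just described can be checked mechanically. The following Python sketch is an added example, not part of the original article: it splits an address into the ULA fields, flags values a network review would question, and builds a new /48 prefix. The function names, the "hand-picked global ID" heuristic, and the use of the OS random generator for the global ID are assumptions made for illustration.

```python
import ipaddress
import secrets
from typing import NamedTuple, Optional

ULA_BLOCK = ipaddress.ip_network("fc00::/7")  # ULA prefix given in the article


class UlaFields(NamedTuple):
    l_bit: int         # 1 = locally assigned, 0 = may be defined later
    global_id: int     # 40 bits, expected to be random
    subnet_id: int     # 16 bits
    interface_id: int  # 64 bits


def parse_ula(text: str) -> Optional[UlaFields]:
    """Split an address into ULA fields; None if it is outside FC00::/7."""
    addr = ipaddress.IPv6Address(text)
    if addr not in ULA_BLOCK:
        return None
    n = int(addr)
    return UlaFields(
        l_bit=(n >> 120) & 0x1,                 # bit right after the 7-bit prefix
        global_id=(n >> 80) & ((1 << 40) - 1),  # next 40 bits
        subnet_id=(n >> 64) & 0xFFFF,           # next 16 bits
        interface_id=n & ((1 << 64) - 1),       # low 64 bits
    )


def audit_ula(text: str) -> list:
    """Return review findings for one address (heuristics are assumptions)."""
    fields = parse_ula(text)
    if fields is None:
        return ["not a ULA"]
    findings = []
    if fields.l_bit == 0:
        findings.append("L bit is 0: assignment method not defined")
    if fields.global_id in (0, 1, (1 << 40) - 1):
        findings.append("global ID looks hand-picked: collision risk")
    return findings


def new_ula_prefix() -> ipaddress.IPv6Network:
    """Build a /48 with L=1 and a random 40-bit global ID.

    Assumption: the OS CSPRNG is used here as the source of randomness.
    """
    global_id = int.from_bytes(secrets.token_bytes(5), "big")
    return ipaddress.IPv6Network(((0xFD << 120) | (global_id << 80), 48))
```

A global ID that is not random defeats the property described in the next paragraphs: two sites that both chose the same easy value will conflict as soon as they are interconnected.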

ULA allows sites to be privately interconnected without creating address conflicts. The address can be used independently without any ISP and for communications within a site without having any Internet connectivity.

Like RFC 1918 private IPv4 addresses, ULAs are not routable across the Internet; however, if one is accidentally leaked through routing or DNS, there is no conflict with any other addresses.

ULAs were not created to be used with a form of NAT that translates between unique local addresses and IPv6 global unicast addresses. The implementation and possible uses of IPv6 unique local addresses are still under examination by the Internet community.

NAT for IPv6

There are several varieties of NAT for IPv6, which provide transparent access between IPv6-only and IPv4-only networks. NAT for IPv6 is not a private IPv6 to global IPv6 translation like NAT for IPv4 addresses.

IPv6 devices should communicate with each other over IPv6 networks. However, for the IPv4-to-IPv6 transition, the IETF has developed several techniques, including dual-stack, tunneling, and translation.

In dual-stack, both IPv4 and IPv6 are running on the devices in parallel. Tunneling involves encapsulating an IPv6 packet inside an IPv4 packet. This allows the IPv6 packet to be transmitted over an IPv4-only network.

NAT for IPv6 cannot be used as a long-term approach. It is only a temporary method to assist in the transition from IPv4 to IPv6. There are several types of NAT for IPv6, including Network Address Translation-Protocol Translation (NAT-PT) and NAT64.