
Tech Talk Live Blog

IPv6 No More NAT

Roy Hoover


Since you are reading this blog, you have surely seen lots of IP addresses. They look something like this: 10.20.30.40. Its four octets, each represented as a decimal value, are separated by dots. Each octet is 8 bits so it can range from zero to 255. If you do the math, you will discover that the total addressable space is about 4.3 billion unique addresses.

That seemed like plenty of addresses back when there were only a handful of computers to connect, but that time has long since passed. IPv6 (Internet Protocol version 6) was created to address this issue and make some additional improvements to the protocol.

A variety of methods have been used, and still are being used, to cope with the limited availability of IPv4 addresses in the current Internet. Network Address Translation (NAT) is the one with which you are probably most familiar. NAT translates one IP address into another IP address. A variant of NAT is called PAT (Port Address Translation). PAT allows multiple devices with their own private IP addresses to share a single public IP address. The device performing the PAT translation keeps a state table of all the connections passing through it to make sure the packets get to the right locations. NAT is one-to-one mapping and PAT is many-to-one mapping. The term NAT is commonly used to refer to both NAT and PAT.

NAT allows for duplicate IP addresses to be used on the Internet. The IP address of my home router is 192.168.1.1. Millions of other home routers also have the IP address of 192.168.1.1. Other devices on my home network have addresses in the 192.168.1.x range. They can all access the Internet just fine, as can the devices in millions of other homes that have the same IP addresses.

The router in each one of these homes has another interface with a globally unique IP address assigned by the home's Internet service provider. This unique IP address and the state table in each one of these routers make it all work. This is true when those devices on your home network just want to reach servers on the Internet.

What if I want to reach another device in your home? I need to make configuration changes to my router to allow this. That is because end-to-end connectivity on the Internet breaks when NAT is used.

There are many tools to work around the issues that NAT creates. Some of them work reasonably well, but I am looking forward to the time when end-to-end connectivity on the Internet is restored, network design and management become easier, and NAT is discarded into the dustbin of technology history.

The IPv6 address space is 128 bits instead of 32 bits. For every bit you add, the address space doubles. That means IPv6 should have plenty of address space for future growth. IPv6 is paving the way for NAT to be discarded and moving the Internet onto a more modern protocol.

IPv6 addresses look like this: 2001:db8:a0b:12f0:0:0:0:1. Its eight chunks are separated by colons. Hexadecimal (base 16) notation is used instead of decimal. Hexadecimal makes more sense for expressing binary numbers than decimal form does.

IPv6 is a different protocol than IPv4. It is based on IPv4 concepts but it introduces some new concepts as well. It is not just “extended addressing” bolted on to IPv4, and is not backward compatible with IPv4. It is new and different but it can happily coexist with IPv4 on the same network, routers, servers, and clients.

IPv6 is all around you. Did you notice it? Perhaps you noticed one of those funny looking addresses on your mobile phone, your cable box, cable modem, tablet, laptop, or desktop. Perhaps it was there and you skipped over it, thinking it was not used.

IPv6 has some built-in, automatic configuration options. Even if you have never done anything with IPv6, there is a very good chance you are already using it, and you just do not know it. It frequently comes enabled on network devices. One of its auto-configuration features is to create a self-assigned, link-local address and use that address to communicate with other devices on the same layer 2 network segment.

Consider two servers connected to the same layer 2 network. You may turn on host firewalls on each of them and only allow specific network traffic between them. If those rules cover only IPv4, the two servers may still be able to talk to each other uninhibited over IPv6, unless you turn IPv6 off or configure the host firewall with IPv6 rules to restrict communication to the specific services you would like them to use.
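
One way to check a host for this gap, as an added example that is not part of the original post. It assumes a Linux server using iptables and ip6tables; the command output, the peer address 10.20.30.41 and port 5432 are constructed sample values.

```python
import ipaddress
import re

# Constructed sample data (assumption, not from the original post):
# trimmed `ip -o addr show`, `iptables-save` and `ip6tables-save` output.
IP_ADDR = """\
2: eth0    inet 10.20.30.40/24 brd 10.20.30.255 scope global eth0
2: eth0    inet6 fe80::5054:ff:fe12:3456/64 scope link
"""
V4_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 10.20.30.41/32 -p tcp --dport 5432 -j ACCEPT
COMMIT
"""
V6_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""

def link_local_v6(ip_addr_output):
    """Return (interface, address) pairs for self-assigned fe80::/10 addresses."""
    found = []
    for line in ip_addr_output.splitlines():
        m = re.match(r"\d+:\s+(\S+)\s+inet6\s+([0-9a-fA-F:]+)/\d+", line)
        if m and ipaddress.ip_address(m.group(2)).is_link_local:
            found.append((m.group(1), m.group(2)))
    return found

def input_posture(save_output):
    """Return (default INPUT policy, number of INPUT rules) from a *-save dump."""
    policy = re.search(r"^:INPUT (\S+)", save_output, re.M)
    rules = re.findall(r"^-A INPUT ", save_output, re.M)
    return (policy.group(1) if policy else "ACCEPT", len(rules))

def ipv6_gap(ip_addr_output, v4_save, v6_save):
    """Flag a host that filters inbound IPv4 but leaves inbound IPv6 wide open."""
    v4_policy, _ = input_posture(v4_save)
    v6_policy, v6_rules = input_posture(v6_save)
    addrs = link_local_v6(ip_addr_output)
    open_v6 = v6_policy == "ACCEPT" and v6_rules == 0
    return {"link_local": addrs, "v4_policy": v4_policy, "v6_policy": v6_policy,
            "gap": bool(addrs) and open_v6 and v4_policy != "ACCEPT"}
```

With the sample data, `ipv6_gap(IP_ADDR, V4_RULES, V6_RULES)` reports a gap: eth0 has a link-local address and the IPv6 INPUT chain accepts everything while the IPv4 chain drops by default.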

I will post more about IPv6 in a future blog. In the meantime, keep an eye out for places where IPv6 is showing up in your equipment. Until then, check out these links to learn more about some of the topics I touched on in this post.

Links:

DNS Configuration

Hexadecimal Tutorial

IPv4 Address Exhaustion

IPv6 Security
