NPTv6 stands for Network Prefix Translation and, like NAT, it translates IPv6 addresses. The difference, however, is that NPTv6 only translates prefixes. It doesn’t translate the host address, and there is no “overload” as in NAT, where you can have multiple source addresses behind a single address. It’s a simple 1:1 translation for prefixes.
There are plenty of global IPv6 addresses so why would you want to use NPTv6? Here are two reasons:
- Address independence: you don’t have to change your IPv6 prefixes on your local network when your global IPv6 prefix changes. On the other hand, IPv6 renumbering is not so bad compared to IPv4.
- ULAs (Unique Local Addresses): NPTv6 translates the prefix in your ULAs to a global prefix that is routable on the Internet.
- Access-lists: Your host has two IPv6 addresses and only one of them is permitted through some firewall. Your host won’t know which source address is permitted through the firewall so by using NPTv6, you can translate the address to a prefix that is permitted through the firewall.
Let’s see how we configure NPTv6. I’ll use this topology:
What do we have?
- H1 is a host on our internal network.
- NPTv6 is the router where we configure NPTv6.
- H3 is some host on the Internet.
The 2001:DB8:0:2::/64 prefix on the loopback 0 interface of NPTv6 is the global prefix that we want to translate to.
I pre-configured my devices with IPv6 addresses and static routes so that we have reachability between H1 and H3.
Want to take a look for yourself? Here you will find the startup configuration of each device.
hostname H1
!
ipv6 unicast-routing
ipv6 cef
!
interface GigabitEthernet0/1
 ipv6 address 2001:DB8:0:12::1/64
!
ipv6 route ::/0 2001:DB8:0:12::2
!
end

hostname H3
!
ipv6 unicast-routing
ipv6 cef
!
interface GigabitEthernet0/1
 ipv6 address 2001:DB8:0:23::3/64
!
ipv6 route ::/0 2001:DB8:0:23::2
!
end

hostname NPTV6
!
ipv6 unicast-routing
!
interface Loopback0
 ipv6 address 2001:DB8:0:2::2/64
!
interface GigabitEthernet2
 ipv6 address 2001:DB8:0:12::2/64
!
interface GigabitEthernet3
 ipv6 address 2001:DB8:0:23::2/64
!
end
Let’s get started. We first need to define the inside and outside interfaces:
NPTV6(config)#interface GigabitEthernet 2
NPTV6(config-if)#nat66 inside
NPTV6(config)#interface GigabitEthernet 3
NPTV6(config-if)#nat66 outside
The second (and last) thing to do is to tell the router what the inside and outside prefixes are:
NPTV6(config)#nat66 prefix inside 2001:DB8:0:12::/64 outside 2001:DB8:0:2::/64
The inside prefix is the prefix of the link between H1 and NPTv6; the outside prefix is the one on the loopback 0 interface. That’s all we have to configure.
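The 1:1 mapping configured above, as an added example (not code from the original page or from Cisco): the stateless, checksum-neutral translation that RFC 6296 defines, applied to this page's inside and outside prefixes and usable in both directions, for instance to map an outside address seen in a log on H3's side back to the inside host. It assumes the router follows RFC 6296, in which case a /64 mapping also adjusts one 16-bit word of the interface ID, so the outside address is not a plain prefix swap; `npt66` and its helpers are hypothetical names.

```python
import ipaddress

INSIDE, OUTSIDE = "2001:DB8:0:12::/64", "2001:DB8:0:2::/64"  # prefixes from the page

def _fold(x):
    """Reduce to 16 bits with end-around carry (one's complement arithmetic)."""
    while x > 0xFFFF:
        x = (x & 0xFFFF) + (x >> 16)
    return x

def _words(value):
    """Split a 128-bit integer into eight 16-bit words, most significant first."""
    return [(value >> (112 - 16 * i)) & 0xFFFF for i in range(8)]

def npt66(address, from_prefix, to_prefix):
    """Translate address from from_prefix to to_prefix (hypothetical helper, RFC 6296 rules)."""
    src = ipaddress.IPv6Network(from_prefix)
    dst = ipaddress.IPv6Network(to_prefix)
    addr = ipaddress.IPv6Address(address)
    if src.prefixlen != dst.prefixlen or src.prefixlen > 64:
        raise ValueError("prefixes must have the same length, /64 or shorter")
    if addr not in src:
        raise ValueError(f"{addr} is not in {src}")
    # Adjustment = (sum of source prefix words) - (sum of target prefix words),
    # so the one's complement sum of the whole address is unchanged and
    # TCP/UDP checksums stay valid without the router rewriting them.
    adj = _fold(_fold(sum(_words(int(src.network_address))))
                + (~_fold(sum(_words(int(dst.network_address)))) & 0xFFFF))
    # 1:1 prefix swap: keep the host bits, replace the prefix bits.
    host_bits = int(addr) & ((1 << (128 - src.prefixlen)) - 1)
    w = _words(int(dst.network_address) | host_bits)
    if src.prefixlen <= 48:
        idx = 3  # /48 or shorter: the subnet word (bits 48-63) absorbs the adjustment
    else:
        # Longer prefixes: the first interface-ID word that is not 0xFFFF absorbs it.
        idx = next((i for i in range(4, 8) if w[i] != 0xFFFF), None)
        if idx is None:
            raise ValueError("interface ID is all ones; no word can carry the adjustment")
    adjusted = _fold(w[idx] + adj)
    w[idx] = 0 if adjusted == 0xFFFF else adjusted  # a result of 0xFFFF is written as 0
    return ipaddress.IPv6Address(sum(x << (112 - 16 * i) for i, x in enumerate(w)))

if __name__ == "__main__":
    outside = npt66("2001:DB8:0:12::1", INSIDE, OUTSIDE)  # H1's address from the page
    print("H1 as seen by H3:", outside)
    print("mapped back     :", npt66(outside, OUTSIDE, INSIDE))
```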
There are only two show commands. Here’s the first one:
NPTV6#show nat66 prefix
Prefixes configured: 1
NAT66 Prefixes
Id: 1 Inside 2001:DB8:0:12::/64 Outside 2001:DB8:0:2::/64
This shows us the prefixes that we configured. Let’s try a quick ping from H1:
H1#ping 2001:DB8:0:23::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:23::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/6/12 ms
The ping works but it doesn’t tell me if the prefix is translated. There’s another command for that: