Today in our newest take on “older technology is better”: why NAT rules!
6 ≠ 16
v ≠ o
Honestly we should just use 4 bit ip addresses, it’s too hard for me to remember ipv4 addresses anyways. Carrier grade NAT will take care of the rest.
Finally, a use for my 1-bit bloom filter!
Well… I still like IPv6 better than ATM and those darn virtual circuit identifiers.
Hah. But to be fair, ATM did have a specific use that it worked great for. That is the move to digital voice circuits. The small fixed cell size and built in QoS meant that if you had a fixed line size you could fit X voice channels, and they would all be extremely low latency and share the bandwidth fairly. You didn’t need to buffer beyond one cell of data and you didn’t need to include overhead beyond the cell headers.
ATM was designed to handle the “future” or digital network needs. But, the immediate use was about voice frames and that likely dictated a lot of the design I’d expect.
You can still NAT IPv6
Yes, but why would you want to? We have enough addresses for the foreseeable future.
You should only assign static ipv6 to servers, in theory you could just define a host id and use a prefix too. But, most people at home really aren’t running enough servers to make that worthwhile. Everything else should just pick up new addresses fine using ND.
You can use ULAs (unique local addresses) or that purpose. Your devices can have a ULA IPv6 address that’s constant, and a public IPv6 that changes. Both can be assigned using SLAAC (no manual config required).
I do this because the /56 IPv6 range provided by my ISP is dynamic, and periodically changes.
1:1 stateless NAT is useful for static IPs. Since all your addresses are otherwise global, if you need to switch providers or give up your /64, then you’ll need to re-address your static addresses. Instead, you can give your machines static private IPs, and just translate the prefix when going through NAT. It’s a lot less horrible than IPv4 NAT since there’s no connection tracking needed.
This is something I probably should have done setting up my home Kubernetes cluster. My current IPv6 prefix is from Hurricane Electric, and if my ISP ever gives me a real IPv6 prefix, I will have to delete the entire cluster and recreate it with the new prefix.
It should only be needed if your ISP is brain-dead and only gives you a /64 instead of what they should be doing and also giving you a /56 or /48 with prefix delegation (I.e it should be getting both a 64 for the wan interface, and a delegation for routing)
You router should be using that prefix and sticking just a /64 on the lan interface which it advertises appropriately (and you can route the others as you please)
Internal ipv6 should be using site-local ipv6, and if they have internet access they would have both addresses.
Fire bad, change scary
