NPTv6 with multiple internal IPv6 networks?

ne20002 · November 26, 2019, 11:45am

Hi

I have the following situation: My network is seperated into multiple sub-networks with IPv4 addresses (IPv4 192.168.xx.y) and VLAN (one for VOIP, one for IOT, one for DMZ, one for LAN, GUEST ...). This works well with IPv4 (having to port forward only a few ports to different devices).

I also have IPv6 on the internal network with ULA fd42:0:0:xx:: where xx is the same number as Ipv4 address range in subnet ... this also works fine as I don't have IPv6 on the WAN so far.

Now my ISP says that I will get IPv6 but only a /64 subnet. I asked for a /56, but for this they would charge more. Also: the IPv6 prefix will by changed each day.

I now wonder what to do.

From googleing I think NPTv6 would be a solution to have my internal network with stable addresses and translating only the prefix to the one that is valid on the WAN interface.

But how can I handle NPTv6 to translate a single /64 on the WAN interface to a number of internal subnets?
Can this be achieved by changing the DHCPv6 in my network to fd42:0:0:0:xx networks? Would that work? And how do I do this with Openwrt?

Any help appreciated.

trendy · November 26, 2019, 11:57am

This sounds really cheap of them.

I would change ISP for such statements.

If you want to stick with them, it depends how much you need IPv6, I guess. In such a case you could assign the /64 to one network where you need it most, LAN for example.
NAT in IPv6 is used for other purposes, as the vast amount of available addresses should render the purpose of NAT unnecessary.

anon45274024 · November 26, 2019, 12:21pm

ULA works independent of the prefix length on the globally routable prefix provided by the ISP, i.e. the internal network ip stability is not impacted.

Plonk34 · November 27, 2019, 5:18am

It is possible but not supportet by luci or uci. You have to configure nat6 self.
First you have to install ipt-nat6 packets.

If you really want this i can look at my home router where i have configured.
But not this day.

For stability i can not say because normally i use ip4.
In my mind ip6 are the biggest crap

ne20002 · December 7, 2019, 4:14pm

I'm not sure if it is crap, but it is complicated (where it should be easier).

I wonder if something like this would work:
a) Havin all my internal subnets (as for IPv4 and VLAN separated) separated by ULA networks.
b) AND: having all devices in all networks being part of only one /64 for public address.

Thoughts:
For internal access ULA IPv6 shall work and the devices are registered with ULA IPv6 in my local DNS ...
For access from outside and for access to outside the global public address shall be used ..

Isn't this the idea of having multiple IPs per NIC?

trendy · December 7, 2019, 5:40pm

Maybe if there was a DHCPv6 listening to every interface and handed Global addresses and used nexthop the link local. I have not tried it, not sure if it will work.