I administrate the network for a small organisation. Having only experience with IPv4, I’m unsure of how to best approach IPv6.<\/p>\n
We have 13 public IPv4 addresses which are all NAT’ed to internal RFC 1918 addresses (one mapping one-to-many for users, the rest mapping one-to-one for servers). All outgoing traffic goes our ISP’s (single) upstream gateway. Our own router runs Linux.<\/p>\n
In beautiful ASCII art, the network looks akin to this:<\/p>\n
client router upstream\n10.0.0.x 10.0.0.1 192.0.2.2 192.0.2.1\n<\/code><\/pre>\nIPv6 setup<\/h3>\n
Of course, with IPv6, there is no need for NAT, since we have been allocated four \/64 networks (let’s say “9:9:9:0::\/62”), of which one contains the upstream router. What’s the norm for a similar IPv6 network?<\/p>\n
A) Possible IPv6 network layout:<\/p>\n
client router upstream\n9:9:9:1::x 9:9:9:1::1 9:9:9:0::2 9:9:9:0::1\n<\/code><\/pre>\nThe question is then, how to get the upstream gateway to route packets through our router. With NAT and IPv4, it was simple: our router owned the addresses and responded to ARP requests for them. But now, the upstream gateway expects to find the LAN hosts on its own subnet, and fails.<\/p>\n
1) I’ve looked into NDP proxying (the IPv6 version of ARP proxying), to let the router advertise all the addresses in 9:9:9:1\/64. However, Linux, at least, seems to require a separate Netfilter entry per IP-address<\/em>, which is of course entirely impossible with IPv6. Am I missing something?<\/p>\n2) It seems it should be possible to use NDP router advertisement to advertise our router as the “downstream gateway” for 9:9:9:1::\/64. Can’t get it to work, though. Perhaps our ISP ignores the router advertisement?<\/p>\n
3) Do we need to ask our ISP to manually configure their upstream gateway to use our router? Seems weird it should be necessary under IPv6 and not under IPv4.<\/p>\n","protected":false},"excerpt":{"rendered":"
I administrate the network for a small organisation. Having only experience with IPv4, I’m unsure of how to best approach IPv6. Existing IPv4 setup We have 13 public IPv4 addresses which are all NAT’ed to internal RFC 1918 addresses (one mapping one-to-many for users, the rest mapping one-to-one for servers). All outgoing traffic goes our […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-6797","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts\/6797","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/comments?post=6797"}],"version-history":[{"count":0,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts\/6797\/revisions"}],"wp:attachment":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/media?parent=6797"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/categories?post=6797"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/tags?post=6797"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}