Cisco Support Community

RFC 4864 NAT66

RFC 4864 lists a couple of methods to prevent NAT66. One thing NAT44 can achieve is masking the source addresses of both ends, which is common when the network admins of two enterprises do not want the real peering hosts to be seen by each other. Of course, connectivity is maintained even with the real addresses masked.

Based on my understanding, Section 4.4 of the RFC proposes the alternatives below to deal with such a case.

1. "For the set of hosts that do in fact need to interact externally, by using multiple IPv6 prefixes...to bias the selection process when multiple prefixes are in use such that the ULA would be preferred when the correspondent is also local."

- this cannot hide the real hosts' addresses

2. Explicit host routes

- this only hides the addresses along the paths; it does not hide the real hosts' addresses

3. Home Agent tunnel

- not sure how to implement this...

4. Attach both ends to the same VLAN while keeping different IPv6 addresses

- if L2 topology allows, does it imply using broadcast between the hosts?

These methods, except the HA tunnel, do not seem to prevent peers from knowing the real addresses. Or is there anything I may not understand correctly regarding the RFC?

Thanks.
