Community discussions

MikroTik App
 
User avatar
Cha0s
Forum Veteran
Forum Veteran
Topic Author
Posts: 987
Joined: Tue Oct 11, 2005 4:53 pm

Feature Request: IPv6 NAT66 Support

Fri Oct 24, 2014 3:10 pm

It would be really nice to add NAT66 support for IPv6 in ROSv7!

Thanks.
Last edited by Cha0s on Sun Jan 31, 2016 6:16 pm, edited 2 times in total.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24608
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature Request: IPv6 NAT Support

Fri Oct 24, 2014 3:47 pm

You mean NAT64?
No answer to your question? How to write posts
 
User avatar
Cha0s
Forum Veteran
Forum Veteran
Topic Author
Posts: 987
Joined: Tue Oct 11, 2005 4:53 pm

Re: Feature Request: IPv6 NAT Support

Fri Oct 24, 2014 4:02 pm

No, I mean proper IPv6 NAT support.

As far as I know it is now supported on kernels 3.9+
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24608
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature Request: IPv6 NAT Support

Fri Oct 24, 2014 4:07 pm

Please give links to the RFC or description of what you mean.

IPv6 doesn't need any NAT by design :) The only NAT is needed to access IPv4 (NAT64)
No answer to your question? How to write posts
 
User avatar
Cha0s
Forum Veteran
Forum Veteran
Topic Author
Posts: 987
Joined: Tue Oct 11, 2005 4:53 pm

Re: Feature Request: IPv6 NAT Support

Fri Oct 24, 2014 4:39 pm

Forgive me, I meant to say NAT66 (which is the proper term).

https://tools.ietf.org/html/draft-mrw-behave-nat66-01

Juniper has already implemented NAT66.
http://www.juniper.net/techpubs/en_US/j ... ml#jd0e173
IPv6 NAT

IPv6-to-IPv6 NAT (NAT66), defined in Internet draft draft-mrw-behave-nat66-01, IPv6-to-IPv6 Network Address Translation (NAT66), is fully supported by the Junos OS.
http://www.juniper.net/documentation/en ... rview.html

Also CentOS for example with kernel 3.7+ already supports NAT66
http://atoomnet.net/howto-ipv6-nat-in-centos-6/
http://kernelnewbies.org/Linux_3.7#head ... c118ba2beb

There is also an RFC about NPT (Network prefix translation) - also useful.
https://tools.ietf.org/html/rfc6296


Regardless of the RFCs though, I believe NAT66 is an extremely useful feature.
It would be a shame to not implement it when giants like Juniper do.

Since RouterOS is essentially linux based, and since the linux kernel in recent versions does support NAT66 it's merely a matter of integrating an already implemented feature on ROS UI/CLI (ok that's a speculation on my part, but I mean the hard work - implementation - has already been done :) ).

Please consider adding support for NAT66. I am sure many people will appreciate it.
It won't hurt those who oppose NAT but it will help those who need it for whatever reasons (good or bad - in network engineering terms).
 
Majklik
newbie
Posts: 35
Joined: Fri Dec 23, 2011 10:20 pm

Re: Feature Request: IPv6 NAT Support

Tue Nov 18, 2014 2:36 pm

I'm not for NAT66 but NPT (RFC6296 ) is in some configuration usefull for SME with multi homing connection to the Internet and linux kernel supports this. For this feature I vote.
But please - firstly policy routing for IPv6 (witout it is not multihoming NPT possible) and router advertisement with router selection priority (RFC4191 / cap 2.1 a 2.2).
 
R1CH
Forum Veteran
Forum Veteran
Posts: 926
Joined: Sun Oct 01, 2006 11:44 pm

Re: Feature Request: IPv6 NAT Support

Tue Nov 18, 2014 10:24 pm

If you need to use NAT with IPv6 you're doing something wrong..
 
User avatar
Cha0s
Forum Veteran
Forum Veteran
Topic Author
Posts: 987
Joined: Tue Oct 11, 2005 4:53 pm

Re: Feature Request: IPv6 NAT Support

Tue Nov 18, 2014 10:51 pm

If you need to use NAT with IPv6 you're doing something wrong..
No offense, but that's just a lame argument and you know it. By that logic if you are using NAT on IPv4 (which I am sure you do) then you are doing something wrong. There isn't right and wrong. NAT is just a tool among many others. Just because you don't need it or you don't like it doesn't make it 'wrong'.

Or just because the so called IPv6-evangellists say there shouldn't be NAT, that does not mean that there are not legit use cases for some networks.

What I really don't understand is what is the problem? If someone does not want to use NAT (for ideological IPv6 nonsense or because there is no need) then don't use it. But some of us need to use it so please enough with this 'propaganda' about NAT.

If Juniper - which is among the leaders that actually route the whole internet - implements it then there is a reason and a use for it.
I don't think that a company that deals only with enterprise clients would spend time implement a feature that wasn't asked for.

I honestly cannot understand why anyone would oppose to a feature that they don't need. If you don't need it just don't use it. Don't deprive the rest of us of the opportunity to have it.
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1223
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: Feature Request: IPv6 NAT Support

Wed Nov 19, 2014 8:52 am

Ok. NAT66 is wrong.

Let's see...
You have a private network, and IPv6 IPs assigned to your machines from one provider.
Now you want a secondary provider as redundancy for outgoing IPV6 access, and that provider hands you out another IPv6 subnet (maybe even dynamically assigned).

Except paying a lot of money to have your own IPv6 subnet and publish it via BGP on both providers, can you offer a solution to have this redundancy AND not change network's internal v6 IPs other than NAT66?

Second use case:
A slower static IPv6 subnet from one provider. A high speed dynamically assigned IPv6 subnet from a second one. You want to have incoming connection on the first, outgoing connections for the internal machines on the second... Any other (cheap) solution except NAT66?
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
Majklik
newbie
Posts: 35
Joined: Fri Dec 23, 2011 10:20 pm

Re: Feature Request: IPv6 NAT Support

Wed Nov 19, 2014 3:31 pm

Both scenarios handle IPv6 natively without NAT66 or BGP peering with PI prefixes....
First scenario (active-backup multihoming) I uses in combination with Mikrotik routers on many places for years.
The second (active-active multihoming) is not possible with Mikrotik because ROS do not have support for IPv6 policy routing.
Well, for the second example is now simplest way to use NPT - network prefix translation (RFC6296). that other mechanism (default source address selection configuration and so on). So support for NPT will be nice for this situation in some enviroments - but first, there is missing policy routing for IPv6 (and router preference adverstiment) as background for active-active multihoming in any way.
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1223
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: Feature Request: IPv6 NAT Support

Wed Nov 19, 2014 6:50 pm

Ok. Got it now.
Basically both situations can in fact covered by NPT (I have always regarded that one as a kind of NAT).
Tnx. for clarifying this to me.
So +1 for NPT.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
Majklik
newbie
Posts: 35
Joined: Fri Dec 23, 2011 10:20 pm

Re: Feature Request: IPv6 NAT Support

Thu Nov 20, 2014 11:22 am

Yes, with NPT or any other IPv6 NAT variant looks configurtation a bit simplest that to use dynamic renumbering and so on.... But, but - do you tried to use any form of the IPv6 NAT in real life?
I did it and very fastly leave it. This NAT break end-to-end transparency and there are protocols that expect it. When I tested this last time the linux IPv6 NAT was able handle only active FTP.
But protocols like IPsec, SIP VoIP, MIP, ... was not able operate over IPv6 NAT. And if you look deeply in some RFC editorials about IPv6 NATing / IPv6 multihoming and there are recommendatitons for the IPv6 NAT implemetation to not implement any protocol helpers, a recommnedation for the application developers/protocol designers to not complicate their products/protocols with NAT traversal extensions becouse IPv6 NAT is inot intended as mainstream solution...
 
User avatar
Cha0s
Forum Veteran
Forum Veteran
Topic Author
Posts: 987
Joined: Tue Oct 11, 2005 4:53 pm

Re: Feature Request: IPv6 NAT Support

Sat Feb 21, 2015 7:57 pm

Regardless of what some applications/protocols do or don't, having some form of NAT (at least NPT) in your toolbox is useful.
Not all networks are the same, or are able to change because of this arbitrary 'requirement' of end to end connectivity.
Plus not all networks are connected to the public internet but may need a quick n dirty 'gateway' to it without changing tons of IPs just 'because'...

We've all used FTP, SIP, and all of that jazz for 2 decades now with NAT. Yes, it's not perfect, nor 'right' but just because a few protocols require you to have end to end connectivity to work, does not mean that NAT becomes useless or even bad for all the other protocols out there.

Not all use cases are the same.

To put it differently, let's say I don't use RIP because I prefer OSPF or because I am just biased against it.
Should Mikrotik (or any other vendor) ditch RIP because I don't use or like it? Of course not.
I may not need it, but someone else might! I wouldn't go downvoting feature requests just because I don't need them. Especially when they don't interfere with my way of working (as I said, NAT is just a tool, if you don't want it don't use it).
 
Matess
Member Candidate
Member Candidate
Posts: 112
Joined: Wed Sep 01, 2010 3:52 pm

Re: Feature Request: IPv6 NAT Support

Tue Feb 24, 2015 2:53 pm

can someone please explain why there isnt ipv6 (internet adress) to ipv4 (internal network) nat? Lets dont talk about masquerade, but what about 1:1 NAT?
 
whinis
just joined
Posts: 4
Joined: Sat Nov 28, 2015 11:11 pm

Re: Feature Request: IPv6 NAT Support

Tue Jan 05, 2016 8:11 pm

I would +1 this, I have plenty of devices in my setup that I see no need in even having a public address (local media servers,printers) and if I wanted something public nothing is stopping me from assigning one of the /64 addresses to it. It may not be "needed" but I also don't want to have update all firewall rules anytime my ISP decides my currently assigned /64 needs to change. I want to be in control of my assignments ( which means I need a local pool to myself) and allow them to connect whenever I choose (NAT).
 
Zorro
Long time Member
Long time Member
Posts: 676
Joined: Wed Apr 16, 2014 2:43 pm

Re: Feature Request: IPv6 NAT66 Support

Sun Jan 31, 2016 6:44 pm

so far both NAT64 and NAT66 derrivatives are essential and handy.
and NPT-forks for IPv6 aswell, inlcuding rebranded versions from two biggest vendors.
but personally i care bout NAT64 and NAT46(yep, its exist TOO ж)bit more for obvious resons, yet ;=)
either way - NAT remain cornerstone of networking with or without IPv6 or TCP/IP itself(in different shapes/forms, then) :P
 
mutinsa
just joined
Posts: 24
Joined: Tue Feb 06, 2018 4:55 am
Location: Moscow, Russia
Contact:

Re: Feature Request: IPv6 NAT66 Support

Sun May 05, 2019 4:39 pm

+1.
Sergey Mutin
Certified Mikrotik Consultant
MikroTik: MTCNA, MTCRE, MTCIPv6E, MTCTCE, MTCUME, MTCINE, MTCWE | Cisco: CCNA R&S | Juniper: JNCIA-Junos | Zabbix: ZCU | Asterisk: dCAA | IPv6 Forum Certified Network Engineer (Silver) | HE.net IPv6: Sage
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 164
Joined: Fri Jun 29, 2018 2:34 pm

Re: Feature Request: IPv6 NAT66 Support

Sun May 05, 2019 7:58 pm

It would be really nice to add NAT66 support for IPv6 ...
+1

I am dual-homed residential customer and both my ISPs support IPv6.
 
bergonz
just joined
Posts: 10
Joined: Fri Oct 16, 2015 3:01 pm

Re: Feature Request: IPv6 NAT66 Support

Wed May 08, 2019 2:46 pm

IPv6 multihoming without BGP is nearly impossible to do "the IPv6 way", i.e. with two advertised prefixes on the same LAN, from the two routers of the two ISPs. Most people use NAT66 to have a predictable behaviour in case of single failure.

I use it with iptables, it is included in linux kernels since many years. Add it to the list of benefits of an upgraded kernel.

I believe stateless NPTv6 to be useful as well (it solves the use case above), but I do not have a production deployment at this time.

I have been using ND proxy for a while, on a OpenWRT device that I am now trying to replace with a mikrotik using bridge firewall + "use-ip-firewall", i.e. an ND bridge with IPv6 stateful firewall (same /64 prefix in the two interfaces). I am doing it in spare time, but if/when done I will keep you informed.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6673
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: IPv6 NAT66 Support

Wed May 08, 2019 3:06 pm

I asked if there would be extensions to IPv6 on a recent MUM (mentioning only policy routing as an example, as without that the NAT66 usecase is not valid either)
and unfortunately the reply was that MikroTik do not see much use of IPv6 and that new development on it cannot be expected before RouterOS v7.
(and of course we all know about that one...)

It is unfortunate, because indeed the Linux kernel in v6 can probably do all that we need to have at least some support for dual-uplink IPv6 without BGP routing,
just for load balancing and failover.
 
enzain
just joined
Posts: 22
Joined: Wed Jan 17, 2018 9:15 pm

Re: Feature Request: IPv6 NAT66 Support

Sat Jun 15, 2019 9:13 pm

NETMAP needed.

not nat.
 
User avatar
troybowman
just joined
Posts: 9
Joined: Sat Jun 22, 2019 7:37 pm

Re: Feature Request: IPv6 NAT66 Support

Sat Jun 22, 2019 8:37 pm

There is a real need for RFC6296 IPv6-to-IPv6 Network Prefix Translation. No, this is not Port Address Translation or Masquerading. It is straight, simple, 1:1 prefix swapping. It takes simple bitwise operations to swap prefixes. No connection tracking is required. No state is required. No, this isn't for the false sense of security that masquerading grants. The 1:1 mapping still requires a firewall.

A few days ago, I had to re-number all the servers on my local network because Comcast decided to give me a different IPv6 block, again. Devices on my network were broken for hours as they kept using the old IPv6 block until their DHCPv6 expired. Thank goodness for dual-stack because good ol' stable IPv4 came to the rescue.

I have a secondary DSL line from CenturyLink. They assign an entirely different IPv6 block. That entire block changes every single time the PPPoE client logs in.

I have consumer-grade Internet connections. My providers will never allow me to BGP announce my own IPv6 block or another provider's block.

If I want load-balancing or fault recovery for outgoing traffic, I can't do it. I can only DHCPv6 one provider's random IPv6 block on my LAN, or the other provider's random IPv6 block. Having to re-address everything when the primary provider goes down will still break everything until the renumbering is done.

NPT would solve a lot of my problems with IPv6 and two providers who hand out random IPv6 prefixes. If only I could have a static local block that never changes! Then, swap out the first 64 bits for the outgoing provider's block, whichever one it is, and whatever block they decide to give me that day.

Ideally, I would rather have a single static IPv6 prefix that is world-routable through either provider, but I can't see that happening for consumer-grade Internet connections. As long as they keep treating IPv6 prefixes like scarce IPv4 addresses by randomly assigning them, we need NAT66.
 
User avatar
Cha0s
Forum Veteran
Forum Veteran
Topic Author
Posts: 987
Joined: Tue Oct 11, 2005 4:53 pm

Re: Feature Request: IPv6 NAT66 Support

Mon Jun 24, 2019 10:48 am

NETMAP needed.

not nat.
You mean NPT, and both NAT66 and NPT (or netmap) are types of NAT.
 
mutinsa
just joined
Posts: 24
Joined: Tue Feb 06, 2018 4:55 am
Location: Moscow, Russia
Contact:

Re: Feature Request: IPv6 NAT66 Support

Fri Jun 28, 2019 3:23 pm

up
+1.
Sergey Mutin
Certified Mikrotik Consultant
MikroTik: MTCNA, MTCRE, MTCIPv6E, MTCTCE, MTCUME, MTCINE, MTCWE | Cisco: CCNA R&S | Juniper: JNCIA-Junos | Zabbix: ZCU | Asterisk: dCAA | IPv6 Forum Certified Network Engineer (Silver) | HE.net IPv6: Sage
 
enzain
just joined
Posts: 22
Joined: Wed Jan 17, 2018 9:15 pm

Re: Feature Request: IPv6 NAT66 Support

Sun Jun 30, 2019 12:09 pm

More need netmap for IPv6

Is more actually
 
aweher
just joined
Posts: 10
Joined: Wed Sep 12, 2007 7:12 pm

Re: Feature Request: IPv6 NAT66 Support

Fri Apr 17, 2020 7:44 am

I agree, NETMAP is a very useful tool. Its available in the linux kernel and some people could find it helpful.

Please do not deflect the subject saying that NAT is an insult and that it does not exist in IPv6.
We have lots of not-so-important tools implemented in RouterOS just in case, this can be another one.

Kindest regards
 
pe1chl
Forum Guru
Forum Guru
Posts: 6673
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: IPv6 NAT66 Support

Fri Apr 17, 2020 12:34 pm

Yes indeed, but (unless that has changed by now) MikroTik do not see a need to work on IPv6 features as their customers do not request that.
(single requests made to employees do not count, what you need is a big distributor ringing the bell that they lose sales because large numbers of customers require better IPv6 support)
 
alyandon
just joined
Posts: 1
Joined: Fri Mar 16, 2018 8:55 pm

Re: Feature Request: IPv6 NAT66 Support

Thu Apr 23, 2020 6:10 pm

I have recently found a need for something like this as well due to my ISP playing games with changing out ipv6 prefixes underneath me without warning. Would really be nice if I could just renumber my internal network to use ULA and then translate to/from the appropriate prefix at my router.

Who is online

Users browsing this forum: jvanhambelgium, tomekbyd and 76 guests