tag:blogger.com,1999:blog-11428745.post616628930991945575..comments2024-03-05T18:37:53.734-08:00Comments on Howfunky.com: IPv6 to IPv6 Network Prefix Translation or NPTv6Howfunkyhttp://www.blogger.com/profile/06910843690691777096noreply@blogger.comBlogger6125tag:blogger.com,1999:blog-11428745.post-48048257514845761172016-11-18T05:00:03.116-08:002016-11-18T05:00:03.116-08:00> NPT does indeed break protocols that embed IP...> NPT does indeed break protocols that embed IP addresses.<br />> I would argue that such protocols are broken by design, despite the fact that they are so pervasive.<br /><br />Aren't ICMPv6 Packet Too Big et al packets with IP addresses in their payload (namely the IP header of the packet that triggered the error)? RFC 6296 doesn't mention these.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-11428745.post-73776933595168976602016-02-25T07:57:13.901-08:002016-02-25T07:57:13.901-08:00What a lot of people miss when they discuss RFC 62...What a lot of people miss when they discuss RFC 6296 is that it is marked as experimental, and not on the standards track.<br /><br />"This document is not an Internet Standards Track specification; it is published for examination, experimental implementation, and evaluation."<br /><br />It would be a mistake to depend on this particular RFC. If NAT66 ever does become a standard, it will be in a different RFC.<br />Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-11428745.post-87419477547552123772015-03-23T19:59:46.409-07:002015-03-23T19:59:46.409-07:00Very well written post and I think you've touc...Very well written post and I think you've touched on the 1 thing that has caused resistance to the IPv6 Shift(in my opinion), no port address translation. Overloading isn't really needed and I get that, but port address translation should be available. It's often used as an added security feature to hide the incoming ports in the higher port ranges and translate them down to their common port numbers once they are internal. This doesn't take the place of security devices but putting incoming ports on uncommon port numbers is just good practice to assist in hacking avoidance, unless (of course)you want something in a DMZ and open to the public.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-11428745.post-75273268119226036492012-10-23T15:36:49.170-07:002012-10-23T15:36:49.170-07:00NPT does indeed break protocols that embed IP addr...NPT does indeed break protocols that embed IP addresses. I would argue that such protocols are broken by design, despite the fact that they are so pervasive.Philhttps://www.blogger.com/profile/05090135484726048846noreply@blogger.comtag:blogger.com,1999:blog-11428745.post-45816620467899173082012-07-08T15:10:03.628-07:002012-07-08T15:10:03.628-07:00Great articel about NPT.
Another reason why NPT or...Great articel about NPT.<br />Another reason why NPT or NAT is needed can be found on http://unixfarm.blogspot.de/vt220https://www.blogger.com/profile/05915309660618263081noreply@blogger.comtag:blogger.com,1999:blog-11428745.post-76781891999628274372012-04-02T07:18:05.569-07:002012-04-02T07:18:05.569-07:00Very interesting, thanks BUT presumably using NPT ...Very interesting, thanks BUT presumably using NPT still breaks end-to-end protocols which embed the source address into the protocol, such as IPSec ?Anonymousnoreply@blogger.com