
What is the NAT principle of IPv6?

2025-01-30 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

What is the NAT principle of IPv6? This article analyzes the question in detail, in the hope of giving readers who face it a simpler and more practical way to work through it.

While hundreds of millions of users enjoy the convenience of the Internet, network experts recognized the problem of IPv4 address exhaustion as early as 20 years ago and took a measure to slow the consumption of IPv4 addresses: NAT (Network Address Translation). The main function of NAT is to save IP addresses, not to add directionality to IP or to hide private IPs. IPv4 NAT breaks the "interconnection" property of the Internet itself, so that some IP addresses are no longer bidirectional. NAT, especially stateful NAT, adds a direction to the directionless IP protocol. Meanwhile, the era of IPv6 has gradually arrived.

Why is NAT not recommended in the IPv6 standards? There are so many IPv6 addresses that every ant on Earth could be given an IP device, so some of the patches applied to IPv4 are no longer needed. To keep the protocol and its related standards clean, NAT is almost never recommended in IPv6. Even so, NAT for IPv6 may still be necessary in some cases. RFC 6296, titled "IPv6-to-IPv6 Network Prefix Translation", describes the key points of implementing NAT under IPv6 and gives a reasonable proposal that keeps IP directionless while still satisfying the semantics of NAT. This is why IPv6 NAT is stateless.

An IPv6 address has nearly 128 bits that can be allocated freely. Because the address space is so large, an ordinary organization is assigned a network segment with a very large number of addresses, enough to map onto its intranet hosts; in other words, the pool of addresses available for mapping is huge. And since we no longer want to use non-IP-layer information to maintain state and mappings, pure IP-layer information should be used, which has the least impact on the upper layers. For IPv6, NAT uses the checksum algorithm to carry the flow identification information, regardless of whose checksum it is, because it does not change the checksum... of the packet at all

Next, let's talk about checksum independence and automatic conversion. Consider a+b+c+d=X, where X is the checksum. We regard a and b as the two parts of the source IP address, and c and d as the two parts of the destination IP address. Source address translation changes both a and b: if a is changed to A, what must b become so that the checksum value X stays unchanged? Solve for it. The NAT implementation proposed for IPv6 is based on this principle, except that the equation is solved in the computer's Boolean number field. Because the layer 4 checksum value does not have to be touched, the impact of NAT on layer 4 protocols is reduced, although this still does not solve problems such as ESP/AH traversing NAT. Based on this algorithm, IPv6 NAT can automatically generate a new IP address for the mapping within a given subnet. From the perspective of the algorithm itself, the possibility of a conflict is effectively zero.

Since IPv6's NAT mechanism "automatically" selects an IP address for a connection, how is the address converted back to the original when the return packet arrives? IPv6 NAT depends entirely on the algorithm itself: the algorithm can convert the translated address back to the original, and the solution is unique. In the IPv6 NAT implementation, the algorithm automatically generates only 16 bits of the IP address, while the rest must be configured explicitly by hand. Because the intranet IPv6 address can be derived as a unique address from the MAC address, the translated address is unique as well. Reverse all of this and you eventually map back to the original IP address.

Setting address translation aside and looking only at the algorithm itself, here is code that actually works; it uses the checksum calculation algorithm:

#include <stdio.h>
#include <string.h>
#include <sys/types.h>   /* u_int16_t */

// the following two functions are used to calculate the check code. For more information, please see RFC1071/RFC1624/RFC1141.
static inline u_int16_t add16(u_int16_t a, u_int16_t b)
{
    a += b;
    return a + (a < b);   // fold the carry back in (one's complement addition)
}

static inline u_int16_t csum16(const u_int16_t *buf, int len)
{
    u_int16_t csum = 0;
    while (len--) csum = add16(csum, *buf++);
    return csum;
}

int main(int argc, char **argv)
{
    u_int16_t buf[18] = {0};

    // buf is indexed in 16-bit words, so buf+4 is byte offset 8
    memcpy(buf, "efghhijk", 8);
    memcpy(buf+4, "12345678", 8);
    memcpy(buf+8, "xxyywert", 8);
    memcpy(buf+12, "zxcvkljh", 8);

    // the correct thing to do is to print hexadecimal data, here a string is printed for simplicity
    printf("original data: %s length: %zu\n", (char *)buf, strlen((char *)buf));
    printf("check code for raw data: %X\n", csum16(buf, 16));

    u_int16_t tip[3] = {0};
    memcpy(tip, "#$!%", 4);
    u_int16_t tip_sum = csum16(tip, 2);

    printf("\nNAT rule: efghhijk1234/12 -> efghhijk#$!%%/12\n\n");
    printf("fixed modification of 4 bytes from the 9th byte to: %s with the check code: %X\n", (char *)tip, tip_sum);

    // locate the dynamically modified initial address after fixed modification. Note that we only modify 16-bit information.
    u_int16_t *pcsum = buf + 4 + 2;

    // calculate dynamically modified values
    *pcsum = ~add16(
                 add16(
                     ~(*pcsum),
                     ~csum16(buf+4, 2)
                 ),
                 tip_sum
             );
    printf("dynamically modified value is: %X\n", *pcsum);

    memcpy(buf+4, tip, 4);   // complete the modification
    printf("current data: %s length: %zu\n", (char *)buf, strlen((char *)buf));
    printf("current check code: %X\n", csum16(buf, 16));

    printf("- the following is the restore operation -\n");
    printf("\nreverse NAT rule: efghhijk#$!%%/12 -> efghhijk1234/12\n\n");

    u_int16_t tip2[3] = {0};
    memcpy(tip2, "1234", 4);
    printf("we only need to remember the original data from before the fixed modification: %s\n", (char *)tip2);

    u_int16_t tip_sum2 = csum16(tip2, 2);
    u_int16_t *pcsum2 = buf + 6;
    *pcsum2 = ~add16(
                  add16(
                      ~(*pcsum2),
                      ~csum16(buf+4, 2)
                  ),
                  tip_sum2
              );

    // restore
    memcpy(buf+4, tip2, 4);
    printf("raw data: %s\n", (char *)buf);
    printf("original check code: %X\n", csum16(buf, 16));
    return 0;
}

The running results are as follows:

Applying the above principle to IPv6 NAT yields one possible implementation.
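The same arithmetic applied to a real IPv6 address, as an added example that is not part of the original article: a stateless /48 prefix rewrite in which the 16-bit subnet word absorbs the checksum difference, run on the prefixes and host address from the worked example in RFC 6296. The helper name `nptv6_map48` and the representation of an address as eight host-order 16-bit words are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One's complement 16-bit addition (RFC 1071): the carry is folded back in. */
static uint16_t add16(uint16_t a, uint16_t b)
{
    uint32_t s = (uint32_t)a + b;
    return (uint16_t)((s & 0xFFFF) + (s >> 16));
}

/* One's complement sum of n 16-bit words (host byte order, an assumption here). */
static uint16_t sum16(const uint16_t *w, int n)
{
    uint16_t s = 0;
    while (n--) s = add16(s, *w++);
    return s;
}

/* Hypothetical helper: rewrite the /48 prefix `from` to `to` in place.
 * Words 0-2 are replaced; word 3 (the subnet) absorbs the difference so the
 * sum over the whole address, and so any layer-4 checksum, is unchanged.
 * Returns 0 on success, -1 if addr is not inside `from`. No state is kept. */
static int nptv6_map48(uint16_t addr[8], const uint16_t from[3], const uint16_t to[3])
{
    if (memcmp(addr, from, 3 * sizeof(uint16_t)) != 0)
        return -1;
    /* adjustment = sum(from) - sum(to); subtracting is adding the complement */
    uint16_t adj = add16(sum16(from, 3), (uint16_t)~sum16(to, 3));
    memcpy(addr, to, 3 * sizeof(uint16_t));
    addr[3] = add16(addr[3], adj);
    if (addr[3] == 0xFFFF)          /* RFC 6296: 0xFFFF is written as 0x0000 */
        addr[3] = 0x0000;
    return 0;
}

int main(void)
{
    /* Prefixes and host address from the RFC 6296 worked example. */
    const uint16_t inside[3]  = {0xFD01, 0x0203, 0x0405};
    const uint16_t outside[3] = {0x2001, 0x0DB8, 0x0001};
    uint16_t a[8] = {0xFD01, 0x0203, 0x0405, 0x0001, 0, 0, 0, 0x1234};

    nptv6_map48(a, inside, outside);      /* outbound */
    printf("outbound subnet %04X, address sum %04X\n", a[3], sum16(a, 8));
    nptv6_map48(a, outside, inside);      /* inbound: same function, roles swapped */
    printf("inbound  subnet %04X, address sum %04X\n", a[3], sum16(a, 8));
    return 0;
}
```

The return path needs no mapping table: calling the same function with the two prefixes swapped recovers the original subnet word, which is the stateless property the article describes.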

That concludes the answer to the question of the NAT principle of IPv6. I hope the above content is of some help to everyone.
