VMware Fusion 8 Pro – IPv6 NAT

I just upgraded to VMware Fusion 8 Pro and noticed that there was a new feature in there for IPv6 NAT. You all know my views on NAT, especially IPv6 NAT but we won’t get into all of that here. 🙂

It looks as though you have to be on Fusion 8 Pro to get this feature. It is super simple to enable.

Below is a basic view of my topology.  My Mac (using the en0 adapter) has an IPv6 address from my local CPE (connected to Comcast).  I have a Linux VM attached to a custom network (vmnet2) that has the IPv4 subnet of 172.16.1.0/24 and the autogenerated (by Fusion) Unique Local IPv6 prefix of FD15:4BA5:5A2B:1002::/64
diagram-fusion-v6-nat

Here is what the Linux host looks like prior to enabling IPv6 NAT:

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:2e:cf:c0 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.129/24 brd 172.16.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe2e:cfc0/64 scope link
       valid_lft forever preferred_lft forever

In VMware Fusion 8 Pro, you can enable IPv6 NAT for a network by going into VMware Fusion > Preferences > Network > then select the custom network that you want to enable IPv6 NAT on. The graphic shown below is what my vmnet2 network looks like:
screenshot_130

With IPv6 NAT enabled, the Linux host now has an IPv6 address:

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:2e:cf:c0 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.129/24 brd 172.16.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fd15:4ba5:5a2b:1002:24fd:5bf0:baba:4866/64 scope global temporary dynamic
       valid_lft 86398sec preferred_lft 14398sec
    inet6 fd15:4ba5:5a2b:1002:20c:29ff:fe2e:cfc0/64 scope global dynamic
       valid_lft 86398sec preferred_lft 14398sec
    inet6 fe80::20c:29ff:fe2e:cfc0/64 scope link
       valid_lft forever preferred_lft forever

You can see that the Linux host gets two addresses out of the ULA prefix that was autogenerated by Fusion (see the graphic). The first address is the IPv6 privacy extension address and the second is the EUI-64 derived IPv6 address.

I can now ping from the Linux host to the outside (via IPv6 NAT):

localadmin@v6-nat-demo:~$ ping6 -n www.google.com
PING www.google.com(2607:f8b0:400f:803::2004) 56 data bytes
64 bytes from 2607:f8b0:400f:803::2004: icmp_seq=1 ttl=255 time=12.7 ms
64 bytes from 2607:f8b0:400f:803::2004: icmp_seq=2 ttl=255 time=15.0 ms
64 bytes from 2607:f8b0:400f:803::2004: icmp_seq=3 ttl=255 time=14.8 ms

Ping, the ultimate test of success, works. 🙂

Thanks,
Shannon

Leave a Reply

Your email address will not be published. Required fields are marked *