Add NPTv6 to NAT chapter

docs/ch08-nat.rst

@@ -257,5 +257,64 @@ source of outbound rules and the destination of inbound rules.
 
 NPTv6 (RFC6296)
 ---------------
-See here : [[How_to_do_NPTv6]]
 
+NPTv6 stands for Network Prefix Translation. It's a form of NAT for IPv6. It's
+described in RFC6296_. NPTv6 is supported in linux kernel since version 3.13.
+
+Usage
+-----
+
+NPTv6 is very useful for IPv6 multihoming. Let's assume the following network
+configuration:
+
+* eth0 : LAN
+* eth1 : WAN1, with 2001:db8:e1::/48 routed towards it
+* eth2 : WAN2, with 2001:db8:e2::/48 routed towards it
+
+Regarding LAN hosts addressing, why would you choose 2001:db8:e1::/48 over
+2001:db8:e2::/48? What happens when you get a new provider with a different
+routed IPv6 subnet?
+
+The solution here is to assign to your hosts ULAs_ and to prefix-translate
+their address to the right subnet when going through your router.
+
+* LAN Subnet : fc00:dead:beef::/48
+* WAN 1 Subnet : 2001:db8:e1::/48
+* WAN 2 Subnet : 2001:db8:e2::/48
+
+* eth0 addr : fc00:dead:beef::1/48
+* eth1 addr : 2001:db8:e1::1/48
+* eth2 addr : 2001:db8:e2::1/48
+
+VyOS Support
+------------
+
+NPTv6 support has been added in VyOS 1.2 (Crux) and is available through
+`nat nptv6` configuration nodes.
+
+.. code-block:: sh
+
+  set rule 10 inside-prefix 'fc00:dead:beef::/48'
+  set rule 10 outside-interface 'eth1'
+  set rule 10 outside-prefix '2001:db8:e1::/48'
+  set rule 20 inside-prefix 'fc00:dead:beef::/48'
+  set rule 20 outside-interface 'eth2'
+  set rule 20 outside-prefix '2001:db8:e2::/48'
+
+Resulting in the following ip6tables rules:
+
+.. code-block:: sh
+
+  Chain VYOS_DNPT_HOOK (1 references)
+   pkts bytes target     prot opt in     out     source               destination
+      0     0 DNPT       all      eth1   any     anywhere             2001:db8:e1::/48    src-pfx 2001:db8:e1::/48 dst-pfx fc00:dead:beef::/48
+      0     0 DNPT       all      eth2   any     anywhere             2001:db8:e2::/48    src-pfx 2001:db8:e2::/48 dst-pfx fc00:dead:beef::/48
+      0     0 RETURN     all      any    any     anywhere             anywhere
+  Chain VYOS_SNPT_HOOK (1 references)
+   pkts bytes target     prot opt in     out     source               destination
+      0     0 SNPT       all      any    eth1    fc00:dead:beef::/48  anywhere            src-pfx fc00:dead:beef::/48 dst-pfx 2001:db8:e1::/48
+      0     0 SNPT       all      any    eth2    fc00:dead:beef::/48  anywhere            src-pfx fc00:dead:beef::/48 dst-pfx 2001:db8:e2::/48
+      0     0 RETURN     all      any    any     anywhere             anywhere
+
+.. _RFC6296: https://tools.ietf.org/html/rfc6296
+.. _ULAs: http://en.wikipedia.org/wiki/Unique_local_address