RE: Stupid NAT tricks and how to stop them.

On Tue, 2006-03-28 at 08:00 -0800, Hallam-Baker, Phillip wrote:
> > From: Kurt Erik Lindqvist [mailto:kurtis@xxxxxxxxxxxx]
> 
> > > NAT is a dead end.  If the Internet does not develop a way to obsolete
> > > NAT, the Internet will die.  It will gradually be replaced by networks
> > > that are more-or-less IP based but which only run a small number of
> > > applications, poorly, and expensively.
> > 
> > 
> > ...or you will see an overlay network built on top of
> > NAT+IPv4 that abstracts the shortcomings away - aka what the
> > peer to peer networks are doing. End-to-end addressing...
> 
> Precisely. Just what is this fetish about keeping the IP address the same as
> the packet travels?

It certainly doesn't have to be. As long as there is one global
identifier which is the same on the other side. A double NAT (thus
making sure the packet is 100% identical on the sending and receiving
side) with a signalling protocol in between is the solution for this.
And there is something already being worked on which does that: shim6.

> If there is a way for the host to determine that it is behind a NAT and to
> request external registration of necessary ports the whole process can be
> made completely transparent to the hosts at each end.

You are thinking of UPnP (see http://www.upnp.org or read for instance
http://www.microsoft.com/windowsxp/using/setup/expert/crawford_02july22.mspx),
which has been supported by Windows for some time, and which many "NAT box"
(oh no, I should say 'router' or 'firewall' according to them) vendors also
nicely implement.

But it is a kludge, and a heavy one: all the applications using it also have
to support it, it is not always available, and there are not too many
applications supporting it, let alone protocols. Next to that, when the
well-known port on the outside IP is taken it won't work. Just like when there
are multiple levels of NAT, or when there are no rights to control the UPnP
process at all.

IPv6 thus gives these advantages over UPnP:
 - it is clear and simple to all the applications who they are
   talking to, based on the source/destination IPv6 address
 - same ideas as IPv4 and no kludges
 - firewalling can remain the normal firewalling
 - multiple tools can use the well-known ports, as there are multiple IPs
 - etc...

Another thing you might want to look at is Teredo (RFC 4380), which
basically implements a p2p overlay network on top of IPv4, but using
IPv6 for addressing. (Funny, eh, that both Teredo and UPnP come out of the
MS stables; guess what these guys wanted to solve...)

Greets,
 Jeroen
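
Added example (not part of the original message, and not code from any of the
products named in it): what the "request external registration of necessary
ports" step looks like when done with UPnP IGD, i.e. the SSDP M-SEARCH a host
multicasts to find the gateway, the WANIPConnection:1 AddPortMapping SOAP
request it then POSTs to the control URL, and the parsing of the reply,
including the failure mode the message points at: UPnP error 718
(ConflictInMappingEntry) when the wanted external port is already taken. The
gateway is a simulated stand-in so the code runs offline; the internal client
address 192.168.1.10, the alternate port range and the mapping description are
assumptions for the example.

```python
"""UPnP IGD AddPortMapping with conflict fallback (added example, offline)."""
import xml.etree.ElementTree as ET
from typing import Callable, Dict, Optional, Tuple

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
CTRL_NS = "urn:schemas-upnp-org:control-1-0"
WANIP = "urn:schemas-upnp-org:service:WANIPConnection:1"
CONFLICT_IN_MAPPING_ENTRY = 718  # IGD error: external port already mapped


def ssdp_msearch(search_target: str = WANIP, mx: int = 2) -> bytes:
    """SSDP M-SEARCH datagram sent to 239.255.255.250:1900 to find a gateway."""
    lines = ["M-SEARCH * HTTP/1.1", "HOST: 239.255.255.250:1900",
             'MAN: "ssdp:discover"', f"MX: {mx}", f"ST: {search_target}", "", ""]
    return "\r\n".join(lines).encode("ascii")


def add_port_mapping_request(external_port: int, internal_port: int,
                             internal_client: str, protocol: str = "TCP",
                             description: str = "example",  # assumed label
                             lease_seconds: int = 0) -> Tuple[Dict[str, str], bytes]:
    """HTTP headers and SOAP body for AddPortMapping (POST to the control URL)."""
    args = {"NewRemoteHost": "", "NewExternalPort": str(external_port),
            "NewProtocol": protocol, "NewInternalPort": str(internal_port),
            "NewInternalClient": internal_client, "NewEnabled": "1",
            "NewPortMappingDescription": description,
            "NewLeaseDuration": str(lease_seconds)}
    inner = "".join(f"<{k}>{v}</{k}>" for k, v in args.items())
    envelope = ('<?xml version="1.0"?>'
                f'<s:Envelope xmlns:s="{SOAP_NS}" '
                's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
                f'<s:Body><u:AddPortMapping xmlns:u="{WANIP}">{inner}'
                '</u:AddPortMapping></s:Body></s:Envelope>')
    headers = {"Content-Type": 'text/xml; charset="utf-8"',
               "SOAPAction": f'"{WANIP}#AddPortMapping"'}
    return headers, envelope.encode("utf-8")


def parse_add_port_mapping_response(body: bytes) -> Optional[int]:
    """None on success, otherwise the UPnP errorCode carried in the SOAP Fault."""
    root = ET.fromstring(body)
    fault = root.find(f".//{{{SOAP_NS}}}Fault")
    if fault is None:
        if root.find(f".//{{{WANIP}}}AddPortMappingResponse") is None:
            raise ValueError("reply is neither AddPortMappingResponse nor Fault")
        return None
    code = fault.find(f".//{{{CTRL_NS}}}errorCode")
    if code is None or code.text is None:
        raise ValueError("SOAP Fault without a UPnP errorCode")
    return int(code.text)


def map_port_with_fallback(send: Callable[[Dict[str, str], bytes], bytes],
                           wanted_external: int, internal_port: int,
                           internal_client: str, protocol: str = "TCP",
                           alternates: range = range(40000, 40010)) -> Optional[int]:
    """Ask for the well-known port first; on 718 retry with alternates.
    Returns the external port obtained, or None (conflict everywhere, or
    another error such as the gateway refusing the action)."""
    for ext in [wanted_external, *alternates]:
        headers, body = add_port_mapping_request(ext, internal_port,
                                                 internal_client, protocol)
        err = parse_add_port_mapping_response(send(headers, body))
        if err is None:
            return ext
        if err != CONFLICT_IN_MAPPING_ENTRY:
            return None
    return None


class SimulatedGateway:
    """Constructed stand-in for an IGD: accepts any AddPortMapping unless the
    (protocol, external port) pair is already taken, then answers 718."""

    def __init__(self, taken=()):
        self.mappings = {k: "pre-existing" for k in taken}

    def send(self, headers: Dict[str, str], body: bytes) -> bytes:
        req = ET.fromstring(body).find(f".//{{{WANIP}}}AddPortMapping")
        key = (req.findtext("NewProtocol"), int(req.findtext("NewExternalPort")))
        if key in self.mappings:
            return self.fault(CONFLICT_IN_MAPPING_ENTRY, "ConflictInMappingEntry")
        self.mappings[key] = req.findtext("NewInternalClient")
        return (f'<s:Envelope xmlns:s="{SOAP_NS}"><s:Body>'
                f'<u:AddPortMappingResponse xmlns:u="{WANIP}"/>'
                '</s:Body></s:Envelope>').encode("utf-8")

    @staticmethod
    def fault(code: int, desc: str) -> bytes:
        return (f'<s:Envelope xmlns:s="{SOAP_NS}"><s:Body><s:Fault>'
                '<faultcode>s:Client</faultcode><faultstring>UPnPError</faultstring>'
                f'<detail><UPnPError xmlns="{CTRL_NS}"><errorCode>{code}</errorCode>'
                f'<errorDescription>{desc}</errorDescription></UPnPError></detail>'
                '</s:Fault></s:Body></s:Envelope>').encode("utf-8")


if __name__ == "__main__":
    gw = SimulatedGateway(taken=[("TCP", 80)])  # port 80 already owned by someone
    print(map_port_with_fallback(gw.send, 80, 8080, "192.168.1.10"))  # 40000
```

The simulated gateway, like a real IGD v1 device, does not authenticate who is
asking: any process on the LAN that can reach the control URL can open an
inbound port, which is the "no rights to control the UPnP process" side of the
kludge. The fallback also shows why the well-known port is not guaranteed: a
second host wanting TCP/80 ends up with whatever alternate it negotiated, and
its peers still have to learn that port by some other channel.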

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf