Re: Stupid NAT tricks and how to stop them.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 5-apr-2006, at 17:09, Michel Py wrote:

By far, the volume of traffic is
peer-to-peer (mostly questionable in terms of copyright). All major P2P apps for the most widely used protocols (bittorrent, edonkey etc) cross NAT nicely, most have UPNP support (no configuration of the NAT box) and some even have external NAT traversal mechanisms that don't even require
to open a port. Breaking games an other low-volume apps serves no
purpose.

This sounds a lot like "NAT doesn't really break anything". If I pretend I'm a regular user for a minute, I can tell you this is not the case. When I used NAT for my Powerbook I had lots of problems doing videochats with Apple's iChat with someone else who was also behind NAT. Even when I configured the single real IP address I got on my Powerbook (very tricky because there was a Cisco SOHO box terminating a PPPoA ADSL link in the middle) it still didn't work very reliably. RTSP with Quicktime didn't work when the Cisco 82x did the NATting, but it would when an Apple Airport Extreme performed NAT.

Peer-to-peer isn't a good example, because of the high built-in redundancy. Even someone who can only set up outgoing sessions can run BitTorrent without too much trouble because there are plenty of peers without NAT or portmappings of some kind (manual, uPnP or NAT- PMP) that can receive the incoming sessions. When the sessions are up, traffic can flow both ways. However, if you read forums or release notes you'll see lots of discussion on port mapping because being able to receive incoming session setup attempts means that you get to connect to more peers (all of them, without port mapping only others that are not behind NAT or do have port mapping) so your downloads are faster.

Given the market place realities the IETF should be careful to make its protocols interoperate with NAT whenever possible, but don't think for a minute that adding NAT workarounds solves the problem completely. Here in the Netherlands ISPs generally give out a single real IP address to their customers, but most customers use a DSL or cable modem with NAT or an additional NAT router or wireless base station so they can connect more than one computer. Despite some individual reports to the contrary, I believe the same is true for most IP users.

However, some ISPs already perform NAT for their customers in their network, and that's only going to increase as IPv4 addresses become more scarce and eventually run out completely. At that point, many people will be behind two layers of NAT. Also, reserving ports will be very hard because many systems share one real IP address. Maybe it's just me, but I don't see the IETF or anyone else for that matter coming up with something that allows communication between two people who are both behind two layers of NAT with any modicum of reliability.

So in addition to supporting NAT where reasonably possible, the IETF should also continue to plan for a future where there is enough address space to make NAT unnecessary. However, universal reachability isn't coming back even if NAT is out of the picture because people love to run firewalls that break way more stuff than intended.

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]