Comment on draft-iab-ipv6-nat-00

Lixia, David, and all -

I think it is very useful that the IAB is taking a position on the issue of
NAT in IPv6. And it is great that you, Lixia and David, have documented
this position. Below I have one comment on the document. I admit that
the comment is a bit hypothetical, but I do believe it is worthwhile to
consider in the discussion around IPv6 NAT.

On page 9, you state, based on a citation from RFC 4924:  "We believe
that providing end-to-end transparency [...] is key to the success of
the Internet."  I think this statement needs elaboration.  End-to-end
transparency is not a reason for the success of the Internet.  Instead,
it is a requirement that follows from the overloading of identification
and location semantics onto IP addresses:  It is exactly those
applications that pursue this overloading, in the form of address referrals,
which have difficulties with the lack of end-to-end transparency.

Of course, this does not mean that NAT, as used in IPv4 today, would be
a harmless technology if we had a clean identifier-locator separation.
But this is because IPv4 NAT does more potentially harmful things apart
from removing end-to-end transparency. The reason for the harmfulness of
IPv4 NAT is not the address rewriting by itself; it is that IPv4 NATs
multiplex multiple internal addresses onto a single external address.
This "address overloading" is causing problems that wouldn't go away
even if we had a clean identifier-locator separation -- problems in
terms of reduced host reachability, reduced network robustness, and a
limitation to connection types with en-route-modifiable port numbers.
The reason why address overloading causes these problems is that it
(a) makes addresses ambiguous and, for the purpose of disambiguation,
(b) adds per-connection state to the network.

Now, assuming we had a large enough number of addresses for a one-to-one
mapping between the internal and external addresses of a NAT, the NAT
could do simple address rewriting without address overloading, hence
avoiding the aforementioned problems.  If we further assume that we had a
clean identifier-locator separation, then why would it matter that
simple address rewriting causes a loss of end-to-end transparency?  Why
would it matter if a locator changes en route for a packet if both the
old and the new locator map unambiguously to the same identifier?

I don't think it would matter -- again, provided we had enough addresses
and an identifier-locator separation. Luckily, in IPv6 we have the former;
unfortunately, though, neither in IPv4 nor in IPv6 do we have the latter.

- Christian


PS: FWIW, draft-vogt-address-translation-harmfulness [1] is related to
    your document.  It is a harmfulness analysis of possible NAT
    designs, which looks at potential problems of the NAT designs, and
    evaluates the cost and completeness of solutions to those problems.
    This includes an evaluation of impacts that NAT deployment may have
    on the rest of the Internet -- a question which, as you say, has so
    far not been sufficiently attended to.

[1] http://users.piuha.net/chvogt/pub/2009/draft-vogt-address-translation-harmfulness-02.txt
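The two NAT designs contrasted in the mail above, as an added Python model that is not part of the original message: an overloading NAT that multiplexes internal addresses onto one external address (and therefore needs per-connection state and rewritten ports), next to a one-to-one address rewriter that needs neither. All addresses and ports are constructed documentation-range examples.

```python
from collections import namedtuple
from typing import Dict, Optional, Tuple
# Constructed sample packet shape: (source addr, source port, dest addr, dest port).
Packet = namedtuple("Packet", "src sport dst dport")


class OverloadingNAT:
    """IPv4-style NAT: many internal addresses share one external address.
    Disambiguating replies requires per-connection state and rewritten ports."""

    def __init__(self, external: str, first_port: int = 40000) -> None:
        self.external = external
        self.next_port = first_port
        self.out_map: Dict[Tuple[str, int], int] = {}  # (int addr, int port) -> ext port
        self.in_map: Dict[int, Tuple[str, int]] = {}   # ext port -> (int addr, int port)

    def outbound(self, p: Packet) -> Packet:
        key = (p.src, p.sport)
        if key not in self.out_map:          # first packet of a flow: allocate state
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return Packet(self.external, self.out_map[key], p.dst, p.dport)

    def inbound(self, p: Packet) -> Optional[Packet]:
        target = self.in_map.get(p.dport)
        if target is None:                   # ambiguous address, no state: undeliverable
            return None
        return Packet(p.src, p.sport, target[0], target[1])


class OneToOneNAT:
    """Plain address rewriting with a fixed 1:1 internal/external mapping:
    ports are untouched, no flow state is kept, inbound needs no prior traffic."""

    def __init__(self, mapping: Dict[str, str]) -> None:
        self.ext_of = dict(mapping)
        self.int_of = {ext: int_ for int_, ext in mapping.items()}

    def outbound(self, p: Packet) -> Packet:
        return Packet(self.ext_of[p.src], p.sport, p.dst, p.dport)

    def inbound(self, p: Packet) -> Optional[Packet]:
        internal = self.int_of.get(p.dst)
        return None if internal is None else Packet(p.src, p.sport, internal, p.dport)


if __name__ == "__main__":
    probe = Packet("198.51.100.7", 80, "203.0.113.1", 22)  # unsolicited inbound packet
    print(OverloadingNAT("203.0.113.1").inbound(probe))           # None: dropped
    print(OneToOneNAT({"10.0.0.5": "203.0.113.1"}).inbound(probe))  # delivered
```

The overloading NAT only forwards inbound traffic for which an outbound packet has already created a mapping, and two internal hosts using the same source port must be given different external ports; the one-to-one rewriter forwards unsolicited inbound packets and leaves ports alone.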
