Re: IESG position on NAT traversal and IPv4/IPv6

Martin Rex <mrex@sap.com> Wed, 17 November 2010 17:42 UTC

From: Martin Rex <mrex@sap.com>
Message-Id: <201011171741.oAHHfkAp014464@fs4113.wdf.sap.corp>
Subject: Re: IESG position on NAT traversal and IPv4/IPv6
To: mohta@necom830.hpcl.titech.ac.jp
Date: Wed, 17 Nov 2010 18:41:46 +0100
In-Reply-To: <4CE3D4A4.2010209@necom830.hpcl.titech.ac.jp> from "Masataka Ohta" at Nov 17, 10 10:12:04 pm
Cc: hallam@gmail.com, ietf@ietf.org
List-Id: IETF-Discussion <ietf.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>

Masataka Ohta wrote:
> 
> Martin Rex wrote:
> > 
> >> According to your theory, a universal NAT traversal protocol
> >> should already exist.
> > 
> > Correct.  It is called the HTTP CONNECT method.
> 
> If, with your definition of "traversal", tunneling is a form
> of traversal, tunneling by IPSEC is a standard firewall
> traversal protocol and is much better than HTTP CONNECT
> because of UDP.

Not quite.  Tunneling needs matching configurations on both ends,
and that rarely works, in particular on a global scale with
peers you do not know a-priori.

In the general case you only have control over (and can modify)
the behaviour of your endpoints and nearby middle boxes on your side
of the network, and the other side is either accessible or not.

Home DSL routers usually do NAT.  For outgoing connections,
they're transparent.  For incoming connections, it is either
possible to configure static mappings (external->internal)
or there might be some dynamic configurability through UPnP.
UDP included.


-Martin
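The HTTP CONNECT exchange that Martin refers to, as an added example that is not part of the thread and not anyone's posted code. It runs a minimal CONNECT proxy, a loopback echo server standing in for the remote peer, and a client that tunnels a payload through the proxy, all on 127.0.0.1 with OS-assigned ports. The port allow-list is an assumption added here: it illustrates the "you only control your side" point, since a CONNECT proxy without such a policy is an open relay to any host and port.

```python
import socket
import threading

# Added example (not from the mailing-list thread). Everything below runs
# offline: the echo server is a constructed stand-in for the far peer.


def _relay(src, dst):
    """Copy bytes one way until EOF, then half-close the write side of dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _read_headers(conn):
    """Read until the blank line that ends an HTTP header block."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = conn.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf


def handle_connect(conn, allowed_ports):
    """Serve one CONNECT request: parse it, enforce the (assumed) port
    policy, answer 200, then relay bytes in both directions."""
    head = _read_headers(conn)
    request_line, _, leftover = head.partition(b"\r\n\r\n")
    request_line = request_line.split(b"\r\n", 1)[0].decode("latin-1", "replace")
    parts = request_line.split()
    if len(parts) != 3 or parts[0] != "CONNECT":
        conn.sendall(b"HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\n\r\n")
        conn.close()
        return
    host, _, port = parts[1].rpartition(":")  # rpartition keeps [v6]:port intact
    if not host or not port.isdigit() or int(port) not in allowed_ports:
        conn.sendall(b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n")
        conn.close()
        return
    try:
        upstream = socket.create_connection((host.strip("[]"), int(port)), timeout=5)
    except OSError:
        conn.sendall(b"HTTP/1.1 502 Bad Gateway\r\nContent-Length: 0\r\n\r\n")
        conn.close()
        return
    conn.sendall(b"HTTP/1.1 200 Connection Established\r\n\r\n")
    if leftover:  # client may have pipelined tunnel data behind the headers
        upstream.sendall(leftover)
    t = threading.Thread(target=_relay, args=(upstream, conn), daemon=True)
    t.start()
    _relay(conn, upstream)
    t.join()
    upstream.close()
    conn.close()


def _serve(handler):
    """Bind a loopback listener, spawn handler(conn) per client, return the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            c, _ = srv.accept()
            threading.Thread(target=handler, args=(c,), daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def start_echo_server():
    """Constructed stand-in for the remote peer: echoes until EOF."""
    def echo(c):
        _relay(c, c)
        c.close()
    return _serve(echo)


def start_connect_proxy(allowed_ports):
    return _serve(lambda c: handle_connect(c, allowed_ports))


def tunnel_through_proxy(proxy_port, dest_host, dest_port, payload):
    """Client side of the exchange. Returns (status line, bytes received
    through the tunnel); the bytes are empty if the proxy refused."""
    s = socket.create_connection(("127.0.0.1", proxy_port), timeout=5)
    req = f"CONNECT {dest_host}:{dest_port} HTTP/1.1\r\nHost: {dest_host}:{dest_port}\r\n\r\n"
    s.sendall(req.encode("ascii"))
    status = _read_headers(s).split(b"\r\n", 1)[0].decode("latin-1", "replace")
    if not status.startswith("HTTP/1.1 200"):
        s.close()
        return status, b""
    s.sendall(payload)
    s.shutdown(socket.SHUT_WR)  # signal end of our data; wait for the echo
    out = b""
    while True:
        chunk = s.recv(4096)
        if not chunk:
            break
        out += chunk
    s.close()
    return status, out


if __name__ == "__main__":
    echo_port = start_echo_server()
    proxy_port = start_connect_proxy({echo_port})
    print(tunnel_through_proxy(proxy_port, "127.0.0.1", echo_port, b"hello via CONNECT"))
    print(tunnel_through_proxy(proxy_port, "127.0.0.1", 25, b"blocked"))
```

After the 200 response the connection is an opaque byte pipe, which is exactly why CONNECT works through middle boxes that only understand outgoing HTTP: the proxy on your side needs no agreement with the far peer, only a policy about where it is willing to open connections.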