Re: avoiding pitfalls in v4/v6 NAT (was Re: About IETF communication skills)
Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 04 August 2008 23:34 UTC
Return-Path: <ietf-bounces@ietf.org>
X-Original-To: ietf-archive@megatron.ietf.org
Delivered-To: ietfarch-ietf-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D4F493A68F2; Mon, 4 Aug 2008 16:34:59 -0700 (PDT)
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 43DD93A6850 for <ietf@core3.amsl.com>; Mon, 4 Aug 2008 16:34:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yQdTX9Sz8u8F for <ietf@core3.amsl.com>; Mon, 4 Aug 2008 16:34:57 -0700 (PDT)
Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.224]) by core3.amsl.com (Postfix) with ESMTP id C79B33A635F for <ietf@ietf.org>; Mon, 4 Aug 2008 16:34:30 -0700 (PDT)
Received: by rv-out-0506.google.com with SMTP id b25so1953485rvf.49 for <ietf@ietf.org>; Mon, 04 Aug 2008 16:35:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :organization:user-agent:mime-version:to:cc:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=b9f7mdCksCIFKOuYZ9MA7cIP+YFIXd2w3SyTeLFC6I4=; b=iE7Y6p2O3rtusLNczggLH8Gu2FQRjZZaPLr3aEd55gEqKaXVBh5BgAANXAcvijNQo6 Nc7fz9h/J7jNAjI4Xyn+k149Uuqs64Ln+UdDiPpmWVF+CjjZr5IHZJ0s1dPbVN5b+f5G yOnNWGL1s+57tfctnPS7awVhsx0jAFtHURnjY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; b=D9uOjj2wjtNjx42GDNQTad6tseHQp8g3Mt7T6nK8wURvmKepmIfCpqFLvnm8tqMmnD C98pC46VoT1X9NjztI45KcOlIjcFCTKzBFYtkxNyqIpqwAas5q5z+dWBJOVJF00D1SdX 6ZBjDbDevxS4C9DIJG1Hf+NmhinG8P0TajlE8=
Received: by 10.141.42.10 with SMTP id u10mr7828372rvj.141.1217892900227; Mon, 04 Aug 2008 16:35:00 -0700 (PDT)
Received: from ?130.216.38.124? ( [130.216.38.124]) by mx.google.com with ESMTPS id b8sm8098906rvf.8.2008.08.04.16.34.58 (version=SSLv3 cipher=RC4-MD5); Mon, 04 Aug 2008 16:34:59 -0700 (PDT)
Message-ID: <4897921E.7000707@gmail.com>
Date: Tue, 05 Aug 2008 11:34:54 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Noel Chiappa <jnc@mercury.lcs.mit.edu>
Subject: Re: avoiding pitfalls in v4/v6 NAT (was Re: About IETF communication skills)
References: <20080803140946.529166BE5C2@mercury.lcs.mit.edu>
In-Reply-To: <20080803140946.529166BE5C2@mercury.lcs.mit.edu>
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
On 2008-08-04 02:09, Noel Chiappa wrote: > > From: Keith Moore <moore@network-heretics.com> > > >>> these limitations don't inherently apply to NAT between v4 and v6, > > >> I thought the inherent problems ... would apply to an IPv4-IPv6 NAT, > >> when such a device is used to allow a group of hosts with only IPv6 > >> addresses to communicate with IPv4-only machines. What am I missing? > > > one of the worst assumptions in v4 NAT design was the assumption that > > the endpoints don't need to know about the NATs. By now it should be > > obvious that for a great many reasons, they do. For example, they > > clearly need to know about the address binding across the NAT > > ... > > For similar reasons you can make the management of the address:port > > binding an explicit agreement between the host or app and the NAT. > > ... > > Explicit management of address bindings goes a long way toward getting > > rid of the fragility due to address bindings in the NAT. > > Ah, got it. I hadn't realized this was what you meant by "NAT between v4 and > v6", because to me these are the kind of things that (in IPv4) were being > explored by the middle-box (MidCom) WG, so I think of them as 'middle box > functionality', not 'NAT' (since to me, part of what NAT means is that 'you > don't have to modify the hosts'). > > > The cost of this is that you need an established relationship between a > > host and its v4/v6 NAT > > Not just that, but to make this really useful, you'd have to add this 'NAT > interaction' stuff to the core IPv6 spec, get it added to all IPv6 > implementations, and then get it deployed to all existing IPv6-capable boxes. > > Leaving aside the engineering/logistical difficulties involved in doing all > that, it seems to me that this would basically amount to formally 'adding NAT > to IPv6', which is a claim made in the story which some people were saying > was inaccurate. The fact that it's not necesarily used in v6/v6 interactions > is an awfully fine hair to split, to claim that 'well, we're not actually > adding NAT to IPv6'. If it's in the core spec, it's in IPv6. > > (And that v6/v6 exemption might not stand, if people deal with v6's inability > to give them provider independence, due to its retention of the obsoleteq > IPv4 single-namespace architecture, by using v6-v6 NATs to give them provider > independece - which is a big driver for v4-v4 NATs, I gather.) > > Anyway, it seems like the story is more accurate than many people realized... > Either this functionality is added to the IPv6 core spec, or the IPv6/v4 NAT > boxes (which many people now seem to feel are required for a viable > deployment plan) will display the same crippling problems as v4/v4 NAT... Certainly, my conclusion while working on http://tools.ietf.org/id/draft-carpenter-shanti (which is not an active proposal, so no need for a critique ;-) and I suspect Remi's conclusion while working on http://tools.ietf.org/id/draft-despres-v6ops-apbp was very similar - the architectural holes can best be plugged if the v6 host knows the translation that is in effect. But there's a strong school of thought that we need to be able to deal with RFC2460 hosts, i.e v6 hosts that have no such knowledge. Brian _______________________________________________ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
- Re: avoiding pitfalls in v4/v6 NAT (was Re: About… Noel Chiappa
- Re: avoiding pitfalls in v4/v6 NAT (was Re: About… Keith Moore
- Re: avoiding pitfalls in v4/v6 NAT (was Re: About… Noel Chiappa
- Re: avoiding pitfalls in v4/v6 NAT (was Re: About… Keith Moore
- Re: avoiding pitfalls in v4/v6 NAT (was Re: About… Brian E Carpenter